Overview
- Microsoft, which published an advisory on Wednesday, assigned the defect the identifier CVE-2026-50656 and said it is working on a high-quality security update.
- RoguePlanet is a race-condition elevation-of-privilege bug in the Microsoft Malware Protection Engine that can spawn a command shell with SYSTEM-level rights and carries a CVSS score of 7.8.
- The public proof-of-concept released by researcher Nightmare Eclipse has been shown to work on fully patched Windows 10 and Windows 11 installs and can run regardless of Defender real-time protection, though success can vary by machine.
- Microsoft says it has not seen confirmed exploitation in the wild but has rated the flaw 'Exploitation More Likely,' so defenders should apply interim mitigations, tighten local account controls, and increase detection and logging.
- The release is part of a wider dispute between the researcher and Microsoft after several recent zero-day disclosures, a rift that has strained coordinated disclosure practices and may push faster vendor fixes and new disclosure debates.