Ethical Hacking News
A new zero-day vulnerability has been discovered by Chaotic Eclipse, targeting fully patched Windows systems. The RoguePlanet Microsoft Defender zero-day flaw relies on a race condition that can provide attackers with SYSTEM-level privileges. While Microsoft has criticized the researcher for irresponsible disclosure, the implications of this vulnerability are significant and highlight the importance of responsible vulnerability reporting.
The RoguePlanet Microsoft Defender zero-day vulnerability can provide attackers with SYSTEM-level privileges. Patched systems, including Windows 10 and Windows 11, may still be vulnerable to this exploit. A race condition in the vulnerability allows attackers to execute code with high permissions. Chaotic Eclipse's disclosures are believed to stem from a dispute with Microsoft over vulnerability reporting. The implications of this vulnerability are significant, as an attacker could gain SYSTEM-level privileges on a fully patched Windows system.
Chaotic Eclipse, a security researcher also known as Nightmare-Eclipse, has recently unveiled a proof-of-concept (PoC) exploit for the RoguePlanet Microsoft Defender zero-day vulnerability. The flaw relies on a race condition that can provide attackers with SYSTEM-level privileges, allowing them to execute code with the highest permissions.
According to Chaotic Eclipse, the exploit was successfully tested on fully updated Windows 10 and Windows 11 systems running the June 2026 Patch Tuesday updates, showing that patched systems may still be vulnerable. The researcher stated that he spent weeks working almost continuously to develop a working RoguePlanet exploit after Microsoft updates initially broke the prototype.
Chaotic Eclipse also claimed to have discovered additional memory corruption vulnerabilities in Defender and other Microsoft components. However, Microsoft has criticized Chaotic Eclipse for revoking access to their MSRC account, rejecting reports, and failing to provide compensation. Microsoft's Security Response Center stated that the zero-day vulnerabilities were not responsibly disclosed and that Coordinated Vulnerability Disclosure, a standard practice where a researcher notifies a vendor privately, gives them time to fix the issue, is crucial in protecting customers from attackers who pick up published exploit code.
The RoguePlanet exploit currently does not work on Windows Server because standard users cannot mount ISO images. However, Chaotic Eclipse claims that the underlying vulnerability still affects server installations and only requires a different exploitation method.
Chaotic Eclipse's disclosures are believed to stem from a dispute with Microsoft over the vulnerability reporting process. The researcher previously disclosed three Microsoft Defender vulnerabilities, including BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091). Additionally, Chaotic Eclipse also released PoCs for YellowKey and GreenPlasma, two other Windows zero-day vulnerabilities that affect BitLocker and the Windows Collaborative Translation Framework (CTFMON).
The implications of this vulnerability are significant. If successful, an attacker could gain SYSTEM-level privileges on a fully patched Windows system, allowing them to execute code with the highest permissions.
In conclusion, Chaotic Eclipse's RoguePlanet exploit is a serious zero-day vulnerability that targets fully patched Windows systems. While Microsoft has taken steps to strengthen Defender against path redirection attacks, the fact remains that patched systems may still be vulnerable to this exploit. It highlights the importance of Coordinated Vulnerability Disclosure and the need for researchers to ensure that their disclosures are done responsibly.
Related Information:
https://www.ethicalhackingnews.com/articles/RoguePlanet-Exploit-A-Zero-Day-Vulnerability-Targeting-Fully-Patched-Windows-Systems-ehn.shtml
https://securityaffairs.com/193436/security/chaotic-eclipse-unveils-rogueplanet-exploit-targeting-fully-patched-windows.html
https://nvd.nist.gov/vuln/detail/CVE-2026-33825
https://www.cvedetails.com/cve/CVE-2026-33825/
https://nvd.nist.gov/vuln/detail/CVE-2026-45498
https://www.cvedetails.com/cve/CVE-2026-45498/
https://nvd.nist.gov/vuln/detail/CVE-2026-41091
https://www.cvedetails.com/cve/CVE-2026-41091/
Published: Wed Jun 10 17:50:23 2026 by llama3.2 3B Q4_K_M
