A researcher feuding with Microsoft dropped a working Defender exploit hours after June Patch Tuesday, and ThreatLocker has already reproduced it against a fully updated Windows 11 machine. The story is partly about a race condition bug and partly about what happens when disclosure relationships break down.
A security researcher operating under the handle Nightmare Eclipse has published a working Microsoft Defender zero-day, dubbed "RoguePlanet," just hours after Microsoft shipped its June 2026 Patch Tuesday fixes. The exploit spawns a command prompt running as SYSTEM, the highest privilege level on Windows, and the researcher says it works on fully patched Windows 10 and Windows 11 machines.
That last detail is what makes this one worth paying attention to. Plenty of proof-of-concept code targets bugs that vendors have already closed. This one reportedly defeats the updates Microsoft released the same day.

What the bug actually does
RoguePlanet is a race condition in Microsoft Defender. A race condition is a timing flaw: the code checks something, then acts on it, and an attacker who can squeeze in between those two steps gets to change the answer after the check but before the action. Security people call this a time-of-check to time-of-use (TOCTOU) bug. Defender's scanning engine, like any antivirus engine, runs as SYSTEM because it has to read, scan, and quarantine every file on the machine. When you win a race against a SYSTEM-level process, you can sometimes trick it into doing privileged work on your behalf, such as writing a file somewhere only SYSTEM is allowed to write.
The researcher is candid about the trade-off that comes with timing bugs. "The exploit is a race condition, so it's a hit or miss," Nightmare Eclipse wrote in the repository. "I have managed to get a 100% success rate on some machines while it struggled to work on others." That variability is normal for this class of vulnerability. Faster disks, core counts, and background load all shift the timing window, which is why the same code can be perfectly reliable on one box and flaky on the next.
When it does land, the payoff is a Windows command prompt with SYSTEM privileges. From there, an attacker who already has a foothold can disable protections, install drivers, read any file, or move laterally. This is a local privilege escalation, so it is not the thing that gets an attacker onto your network in the first place. It is the thing that turns a limited compromise into total control of the host.
Independent confirmation
Claims like this often deserve skepticism until someone neutral reproduces them. In this case, application allowlisting vendor ThreatLocker told BleepingComputer it reproduced the flaw and confirmed it worked against a fully patched Windows 11 system with KB5094126 installed, even sharing a video of the exploit running.
"Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described," said ThreatLocker CEO Danny Jenkins. He also pointed to a practical mitigation: "Organizations using application allowlisting can prevent the exploit from executing, providing an effective layer of protection against this attack."
That advice is self-interested, since allowlisting is ThreatLocker's product, but the underlying point is sound and applies regardless of vendor. The exploit has to run a binary to win the race. If your endpoint policy refuses to execute unapproved binaries in the first place, the race never starts. Allowlisting, also called application control, is one of the few controls that blunts privilege escalation exploits you have never heard of, because it does not care what the bug is. It cares whether the code is allowed to run at all.

From RCE to LPE, and maybe back
The technical backstory is more interesting than the final exploit. According to the researcher, RoguePlanet started life as a remote code execution bug that abused how Defender handles files on remote SMB shares.
"In initial development, it was confirmed that this vulnerability was a remote code execution," Nightmare Eclipse explained in a blog post. "It required an attacker to coerce a victim to open a .vhd(x) in a remote SMB server. Successful exploitation resulted in Defender overwriting its own files and obviously the end outcome was an RCE."
The attack hinged on tricking Defender into following filesystem junctions and symlinks, a classic technique for redirecting a privileged process into writing somewhere it should not. The researcher says Microsoft quietly hardened Defender in mid-May by patching the mpengine!SysIO* APIs, which closed the junction angle. Rebuilding the exploit around that change cost the bug its remote reach, at least for now.
"Rewriting RoguePlanet to make it functional again drained my soul and I couldn't complete the other scenarios and for now it remains unclear if RoguePlanet is limited to LPE or there is some sort of way to turn it into an RCE," the researcher wrote. In plain terms: the version that is public today escalates privileges locally, but the original remote variant existed, and the door to a remote version may not be fully shut. That uncertainty is a reason to treat this as more than a contained local issue.
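The check-then-act pattern described in the race condition explanation above, combined with the junction redirect the researcher says the original variant relied on, as an added illustration. This is not the RoguePlanet exploit or any code from the researcher or Microsoft: a simulated "privileged" writer validates that its working directory is a plain directory, an attacker replaces it with a junction in the gap, and the write lands in a directory the writer never intended. The race is collapsed into sequential steps so it always "wins"; the directory names under $env:TEMP are made up for the demo. It runs as a standard user on Windows because junction creation needs no privilege, which is exactly why this class of bug is attractive to a low-privileged attacker.

```powershell
# Added demonstration, not the RoguePlanet exploit. Simulates a TOCTOU race:
# the "privileged" writer checks that its working directory is not a reparse
# point, then writes into it; an attacker swaps in a junction in between.
# All paths below are constructed for the demo.
$root   = Join-Path $env:TEMP 'toctou-demo'
$work   = Join-Path $root 'work'        # directory the privileged code trusts
$target = Join-Path $root 'protected'   # where the attacker wants the write to land
Remove-Item -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue
New-Item -ItemType Directory -Path $work, $target -Force | Out-Null

# --- privileged writer, step 1: the CHECK ----------------------------------
$attrs = (Get-Item -LiteralPath $work -Force).Attributes
if ($attrs -band [IO.FileAttributes]::ReparsePoint) {
    throw "refusing to write: $work is a reparse point"
}

# --- attacker wins the race here -------------------------------------------
# Standard users can create junctions, so no elevation is needed for this step.
Remove-Item -LiteralPath $work -Recurse -Force
New-Item -ItemType Junction -Path $work -Target $target | Out-Null

# --- privileged writer, step 2: the USE ------------------------------------
# Set-Content follows the junction: the file is created under $target even
# though the check a moment ago said $work was an ordinary directory.
Set-Content -LiteralPath (Join-Path $work 'report.txt') -Value 'written with the writer''s privileges'

"File now present under the attacker's target dir: " +
    (Test-Path -LiteralPath (Join-Path $target 'report.txt'))     # True
"Re-checking $work only now reveals LinkType = " +
    (Get-Item -LiteralPath $work -Force).LinkType                  # Junction

# Cleanup
Remove-Item -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue
```

The re-check at the end is the point: the validation was correct when it ran and useless by the time the write happened. The fix is not a second check but collapsing check and use into one operation, for example opening the directory with reparse-point semantics (FILE_FLAG_OPEN_REPARSE_POINT) and validating the handle you actually write through. The researcher's description of Microsoft hardening the mpengine!SysIO* APIs is consistent with that kind of engine-side change, though the article does not say exactly what Microsoft altered.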

The disclosure fight behind the exploit
RoguePlanet does not exist in a vacuum. It is the latest move in a running conflict between Nightmare Eclipse and Microsoft over how the company handles vulnerability reports and bug bounties. Over recent months the same researcher has dropped a series of named Windows zero-days, including BlueHammer, RedSun, GreenPlasma, and YellowKey, hitting Defender, BitLocker, and other Windows components. Microsoft patched GreenPlasma and YellowKey in this same June Patch Tuesday cycle.
The relationship has gotten openly hostile. Microsoft warned it would work with law enforcement against people engaged in "malicious activity causing real harm to our customers," language much of the security community read as a threat aimed at the researcher. Nightmare Eclipse says Microsoft repeatedly got their GitHub and GitLab repositories taken down, which is why the latest exploit landed on a self-hosted Git platform at projectnightcrawler.dev instead.
There is a real tension here worth naming. Takedowns of public exploit code can slow the spread of a working attack, but they also push researchers toward infrastructure no one can moderate, and they sour the coordinated-disclosure relationships that get bugs fixed quietly before code goes public. Defenders end up worse off when a researcher decides that dropping a same-day zero-day is more effective than filing a report. Whatever the merits on either side, the pattern of self-hosted full-disclosure drops is the practical reality security teams now have to plan around.
What to do right now
There is no patch for RoguePlanet as of this writing, and Microsoft had not issued a statement when the exploit went public. A few concrete steps reduce your exposure while you wait:
- Treat SMB hygiene seriously. The original variant relied on coercing a victim into opening files from a remote SMB share. Block outbound SMB (TCP 445) at the perimeter and disable symlink evaluation across SMB where you do not explicitly need it. This shrinks the remote attack surface that the researcher says may still be reachable.
- Deploy application control. Whether through Windows Defender Application Control (now branded App Control for Business), AppLocker, or a third-party allowlisting tool, refusing to run unapproved executables stops the exploit before its race begins. Audit-only mode does not count; the policy has to be enforcing. This is the mitigation ThreatLocker demonstrated.
- Watch for the prerequisites, not the bug. Local privilege escalation needs an initial foothold. Solid phishing defenses, least-privilege accounts, and EDR coverage of the steps that come before escalation matter more than chasing the specific CVE.
- Test your detections. A common finding across breach simulations is that organizations log most successful attacks but alert on only a fraction of them. If RoguePlanet ran in your environment, would your SIEM or EDR rules fire? That is a question worth answering with a controlled test rather than an incident.
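The four steps above, as an added PowerShell checklist that is not from the article, the researcher, or ThreatLocker. It assumes an elevated PowerShell 5.1 or later session on Windows 10/11; the cmdlets, fsutil switches, CIM class, and Windows event IDs used are standard Microsoft interfaces, while the rule name and time windows are arbitrary. Read the comments before running it, since the firewall and symlink changes can break legitimate SMB use and should go out through your normal change process.

```powershell
# Added hardening and detection checklist (not the article's or any vendor's code).
# Run elevated. Each numbered block stands on its own.

# --- 1. SMB hygiene -------------------------------------------------------------
# Stop this host from reaching SMB servers on the internet. 'Internet' is the
# built-in address keyword for non-local ranges, so internal shares keep working.
New-NetFirewallRule -DisplayName 'Block outbound SMB to Internet (TCP 445)' `
    -Direction Outbound -Protocol TCP -RemotePort 445 -RemoteAddress Internet `
    -Action Block -Profile Any | Out-Null

# Allow only local-to-local symlink evaluation; refuse links that cross into or
# out of remote shares (L2R, R2L, R2R). Record the current state first.
fsutil behavior query SymlinkEvaluation
fsutil behavior set SymlinkEvaluation L2L:1 L2R:0 R2L:0 R2R:0

# --- 2. Is application control actually enforcing? -------------------------------
# AppLocker: executable rules must exist AND be in 'Enabled' (enforce) mode.
# 'AuditOnly' or 'NotConfigured' would let the exploit binary run.
$exe = (Get-AppLockerPolicy -Effective).RuleCollections |
    Where-Object RuleCollectionType -eq 'Exe'
"AppLocker Exe collection: $($exe.Count) rule(s), mode = $($exe.EnforcementMode)"

# App Control for Business (WDAC): 2 = enforced, 1 = audit only, 0 = off.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
"WDAC user-mode policy status: $($dg.UsermodeCodeIntegrityPolicyEnforcementStatus)"

# --- 3. Detection: would you see it? --------------------------------------------
# Process-creation auditing with command lines is the prerequisite for 4688 hunting.
auditpol /set /subcategory:"Process Creation" /success:enable | Out-Null
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord

# A SYSTEM shell is usually followed by tampering with Defender itself.
# 5001 = real-time protection disabled, 5007 = configuration changed.
Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007
        StartTime = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# cmd.exe launched by something other than a user's shell: list the parent for review.
# Tune the exclusion list to your environment; this is a hunting query, not an alert.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            New     = $d.NewProcessName
            Parent  = $d.ParentProcessName
            Creator = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            CmdLine = $d.CommandLine
        }
    } |
    Where-Object { $_.New -like '*\cmd.exe' -and $_.Parent -notlike '*\explorer.exe' } |
    Format-Table -AutoSize
```

Run the detection half against a controlled test, as the last bullet suggests: launch cmd.exe from an unusual parent on a lab host and confirm the 4688 query and your SIEM both surface it. If the query returns rows but nothing alerted, that is the gap to close before the next exploit drop, whatever it is named.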
Keep an eye on Microsoft's advisory channels for an out-of-band fix or guidance, and assume that public, reproduced exploit code will be folded into real attacks quickly. The history of these leaks, including this researcher's own earlier drops, is that proof-of-concept code rarely stays academic for long.
