[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVM8aOQFkFnAi8qI-Yag114SdYw7e3uZRGh-297ymYX8":3},{"article":4,"iocs":39},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":31,"category":32,"article_tags":36},"85ae98b1-fbb9-4e9e-82e3-10b1dda99907","Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges","microsoft-patches-rogueplanet-defender-flaw-that-can-grant-system-privileges-d24c0c","Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine (\"mpengine.dll\"), which provides scanning, detection, and cleaning capabilities for its antivirus and","Microsoft has released security updates for CVE-2026-50656 (CVSS 7.8), a privilege escalation vulnerability in the Microsoft Malware Protection Engine that could grant SYSTEM-level privileges. The flaw, discovered by researcher Chaotic Eclipse, is a race condition that affects Windows systems with current patches and works regardless of real-time protection status. The fix was deployed in Malware Protection Engine version 1.1.26060.3008, with automatic updates deployed across consumer and enterprise systems.","Microsoft patches RoguePlanet privilege escalation flaw in Malware Protection Engine.","Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges Ravie LakshmananJul 09, 2026Vulnerability \u002F Endpoint Security Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine (\"mpengine.dll\"), which provides scanning, detection, and cleaning capabilities for its antivirus and antispyware software. The issue has been remediated in Microsoft Malware Protection Engine version 1.1.26060.3008, along with defense-in-depth updates to harden unspecified security-related features. RoguePlanet was first disclosed by a security researcher named Chaotic Eclipse (aka Nightmare-Eclipse), describing it as a race condition that could be abused to spawn a shell with SYSTEM-level privileges. This, in turn, grants the attacker the ability to run arbitrary code or perform unauthorized actions. The exploit has been found to work on systems running up-to-date versions of Windows with the June 2026 Patch Tuesday updates installed. Subsequently, Chaotic Eclipse also revealed that the exploit works regardless of whether real-time protection is on or not. Microsoft has not officially credited Chaotic Eclipse with the vulnerability discovery. RoguePlanet is the fourth Defender vulnerability disclosed by the researcher after BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091), all of which have since been patched by Microsoft. The Windows maker said no customer action is required to install the update for CVE-2026-50656, as the software is frequently updated to secure customers against new and evolving threats. \"For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically,\" Microsoft said. \"Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.\" Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Antivirus, cybersecurity, endpoint security, exploit, Microsoft, Patch Management, privilege escalation, Threat Detection, Vulnerability, Windows Security ⚡ Top Stories This Week ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts ⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks 282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS ⭐ Featured Resources What 200+ Security Teams Reveal About Using IP Intelligence in 2026 Get Hands-On SANS Training for Today’s Cyber Defense and Offensive Security Challenges See What’s Really Exposed Across Your IT, OT, IoT, Cloud, and Mobile Assets Get Gartner’s Guide to AI Agent Supervision and Runtime Controls","https:\u002F\u002Fthehackernews.com\u002F2026\u002F07\u002Fmicrosoft-patches-rogueplanet-defender.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEhuqwSaoB3zc0bIhf1aBmcHsVVAsGnRDBc681vhmlgHYy0xx5VSxyS2jqjmk-mq27QrSKPN3yorL3A7DffJYp3iMO7CY_8owm-Cn8r7IFuvqeGHTPSyiFM0KVTMTE8W0Qon84tCbzsLVNqoS5nLq1aX8_RNKg0sxa2ke4Su_p5qy9dAlFdakwYcjueBGNhD\u002Fs1600\u002Fwindows.jpg","2026-07-09T08:48:48+00:00","2026-07-09T12:00:25.086466+00:00",9,[18,21,24,26,29],{"name":19,"type":20},"Microsoft","vendor",{"name":22,"type":23},"Microsoft Malware Protection Engine","product",{"name":25,"type":23},"Windows Defender",{"name":27,"type":28},"Chaotic Eclipse","threat_actor",{"name":30,"type":23},"Windows","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":31,"icon":33,"name":34,"slug":35},null,"Vulnerabilities","vulnerabilities",[37],{"category":38},{"id":31,"icon":33,"name":34,"slug":35},[40,44,47,50],{"type":41,"value":42,"context":43},"cve","CVE-2026-50656","Privilege escalation in Microsoft Malware Protection Engine (mpengine.dll) with CVSS 7.8",{"type":41,"value":45,"context":46},"CVE-2026-33825","BlueHammer, prior Defender vulnerability by Chaotic Eclipse",{"type":41,"value":48,"context":49},"CVE-2026-45498","UnDefend, prior Defender vulnerability by Chaotic Eclipse",{"type":41,"value":51,"context":52},"CVE-2026-41091","RedSun, prior Defender vulnerability by Chaotic Eclipse"]