Back to advisories

Microsoft patches RoguePlanet Defender zero-day vulnerability

Microsoft has released a patch for CVE-2026-50656 (RoguePlanet), a zero-day in Microsoft Defender that allows attackers to escalate privileges to SYSTEM level via a race condition. A public proof-of-concept exploit exists. All systems running unpatched Defender are at immediate risk of privilege escalation and full system compromise.

CRITICALAdvisoryJul 11, 2026
Action required
Prioritize patching Microsoft Defender to the latest version across all endpoints immediately. Monitor for suspicious Defender process behavior, file system access anomalies, and unexpected SYSTEM-level process spawning.
Affected products
Microsoft DefenderMicrosoft