A notorious bug hunter, Nightmare Eclipse, has disclosed a new Windows zero-day vulnerability, dubbed RoguePlanet, which targets Microsoft Defender, affecting fully patched Windows 10 and Windows 11 systems1. This security flaw allows local privilege escalation if an attacker can exploit a race condition. The disclosure comes on the heels of Microsoft's June Patch Tuesday, which saw a record number of CVEs and fixes released. Nightmare Eclipse, possibly a disgruntled ex-Microsoft employee, has a history of uncovering vulnerabilities and appears to be motivated by a grudge against the company. The release of proof-of-concept exploit code for the RoguePlanet vulnerability puts pressure on Microsoft to issue a patch quickly. This zero-day activity underscores the importance of prompt risk assessment, as the window for patching is rapidly shrinking. So what matters to practitioners is that they must immediately assess their exposure to this vulnerability to prevent potential attacks.
Angry bug hunter with Microsoft beef drops new Windows 0-day
⚠️ Critical Alert
Why This Matters
Zero-day activity targeting Microsoft means patching windows are already closing — assess your exposure immediately.
References
- The Register. (2026, June 10). Angry bug hunter with Microsoft beef drops new Windows 0-day. The Register. https://www.theregister.com/security/2026/06/10/nightmare-eclipse-publishes-new-windows-defender-zero-day/5253725
Original Source
The Register
Read original →