RoguePlanet: The Zero-Day Exploit Compromising Microsoft Defender
Introduction
On June 10, 2026, hours after Microsoft released its June Patch Tuesday — the largest in the company’s history, addressing nearly 200 vulnerabilities and 208 registered CVEs — the security researcher known under the aliases Chaotic Eclipse (also referenced as Nightmare Eclipse) publicly released the functional code of a zero-day exploit catalogued as RoguePlanet, without any prior coordination with the vendor. This flaw directly affects Microsoft Defender, Windows’ native antimalware engine, and has been verified on fully patched systems already incorporating the June 2026 updates. Multiple independent researchers confirmed the exploit achieves local privilege escalation.
RoguePlanet is not an isolated event: it represents the latest addition to a series of uncoordinated public disclosures the researcher has been carrying out since April 2026, in what many analysts have characterized as a deliberate escalation of tensions against Microsoft, rooted in an unresolved dispute over vulnerability reporting processes and financial compensation.
What is RoguePlanet?
RoguePlanet is the identifier assigned to the exploit that abuses a logical flaw in Microsoft Defender’s core service — MsMpEng.exe — to allow a locally authenticated actor to escalate their privileges to SYSTEM level, the highest authority account in the Windows architecture.
Nature of the flaw
- Vulnerability type: Local Privilege Escalation (LPE) combined with a race condition.
- Affected component: Microsoft Defender’s scanning engine (`MsMpEng.exe`) and its read/write operations on the filesystem during real-time analysis, specifically within the `mpengine!SysIO*` API.
- Direct impact: A standard or limited-privilege user can obtain a console session with `SYSTEM` rights, bypassing the operating system’s access controls.
- Access vector: Local (AV:L), meaning the attacker must already have an authenticated session on the target machine, either physically or remotely through other means.
- Patch status: No CVE assigned and no official patch available at the time of disclosure.
Why is this particularly severe?
The risk of security software becoming an attack vector in its own right adds a layer of defensive complexity. Organizations that rely exclusively on Microsoft Defender as their endpoint protection solution are exposed to a scenario where the tool designed to detect and block threats involuntarily acts as a launchpad for malicious execution at the operating system’s highest privilege level. This undermines the defense-in-depth principle at its most fundamental level.
Compounding the situation, the researcher publicly declared possessing an additional batch of memory corruption vulnerabilities in Defender, as well as flaws in other Windows components, with the stated intention to continue disclosures.
How Does It Work?
The core mechanism of RoguePlanet relies on exploiting a race condition within Microsoft Defender. Understanding its current behavior requires also understanding its technical evolution, as the exploit underwent significant transformations before its final publication.
Technical history of the exploit — from RCE to LPE
According to the researcher’s own blog post, dated June 9, 2026, RoguePlanet went through three development phases:
Phase 1 — Original Remote Code Execution (RCE):
In its initial form, the vulnerability enabled remote code execution. The mechanism required an attacker to coerce the victim into opening a .vhd or .vhdx file from a remote SMB server. Successful exploitation resulted in Defender overwriting its own files, leading to arbitrary code execution. In an additional scenario, if the victim had right-to-left (R2L) symlink evaluation enabled, RCE was achievable simply by coercing the victim to open the SMB share, with no further interaction required.
Phase 2 — BitLocker Bypass:
A variant identified during early development allowed a full BitLocker bypass. It required a specialized device capable of delivering different data to NTFS.sys when Defender attempted to read the tainted file, enabling redirection of the newly remediated file to an arbitrary location.
Phase 3 — LPE (current state following the May 2026 patch):
In mid-May 2026, Microsoft introduced a patch to mpengine!SysIO* that neutralized junction-based path-redirection attacks. The researcher was forced to rewrite RoguePlanet from scratch to restore its functionality. The result of this rewrite, completed in late May, is the PoC published on June 10: a local privilege escalation exploit whose current operation does not rely on path redirection.
Exploitation mechanism in its current form
- Mounting an ISO image: The exploit requires a local user to mount an ISO image on the system. This is the attacker-controlled entry vector. It is also the direct reason why the PoC does not work on Windows Server: standard users cannot mount ISO images in that environment.
- Triggering a Defender scan: Once the ISO is mounted, the files it contains are automatically scanned by Defender’s real-time analysis engine. This activates the privileged `MsMpEng.exe` process over artifacts under the attacker’s control.
- Exploiting the race condition: The core of the exploit lies in winning the temporal race between the moment Defender begins its operations on the mounted artifacts and the moment it finishes. During that critical window, the exploit executes a concurrent operation that interferes with the privileged processing flow.
- Path hijacking and SYSTEM shell spawning: By winning the race condition, the exploit causes Defender to deposit the attacker’s payload at a path that, through an NTFS junction chain, resolves to `C:\Windows\System32\wermgr.exe`. The exploit then programmatically invokes the native scheduled task `\Microsoft\Windows\Windows Error Reporting\QueueReporting` via the Task Scheduler COM API. This task, present on every standard Windows installation and running under `SYSTEM`, attempts to execute `wermgr.exe` from System32 but instead executes the exploit binary. This new instance, now running with `NT AUTHORITY\SYSTEM` privileges, reconnects to the named pipe `\\.\pipe\RoguePlanet`, identifies the interactive user’s session via `GetNamedPipeServerSessionId`, and spawns a `conhost.exe` process into that session with the SYSTEM token, resulting in an interactive console with the system’s maximum privileges.
Technical characteristics and critical clarifications
- Variable reliability by design: The exploit is non-deterministic. The researcher explicitly warns: “it’s a race condition, so it’s a hit or miss.” Will Dormann (a recognized security researcher) reported it worked on the first attempt in his tests, but multiple reports indicate inconsistent behavior. A comment on the researcher’s blog suggests that raising the process priority to real-time, pinning affinity to a single core, and using multiple WER targets significantly improves the success rate.
- Downgraded from RCE: The most dangerous variant — remote code execution via SMB — existed and was verified in the lab. The May 2026 patch to `mpengine!SysIO*` appears to have closed that path; however, the researcher indicated it remains unclear whether any variant of the exploit could recover RCE capability.
- BitLocker scope potentially still viable: The researcher noted the BitLocker bypass “might still be feasible even with the changes” introduced in May, though without certainty.
- Disclosure of additional vulnerabilities: The researcher stated possessing “a batch of memory corruption vulnerabilities in Defender, as well as vulnerabilities in other components,” suggesting the identified attack surface is broader than what the current PoC exposes.
- PoC size: The `RoguePlanet.cpp` file published on GitHub is 5.5 MB, evidencing substantial technical complexity, consistent with the researcher’s account of nearly continuous weeks of work that “drained their soul.”
Affected Systems
According to technical information disclosed in the exploit’s GitHub repository (MSNightmare/RoguePlanet) and confirmed by independent researchers:
- Windows 10 (stable channel, with June 2026 updates installed) — confirmed by the researcher
- Windows 11 (stable channel and Canary channel, with June 2026 updates) — confirmed by the researcher and verified by Will Dormann on Mastodon
- Windows Server 2019, 2022, and 2025 — the researcher states the underlying vulnerability affects all Server versions; the published PoC does not work directly in this environment because standard users cannot mount ISO images, but the flaw persists and requires a redesigned exploitation vector
Researcher’s note (README, MSNightmare/RoguePlanet repository): “I want to make one thing very clear. All Windows Server installations are vulnerable as well, you just need to redesign the exploit.”
Background: The Researcher and Microsoft
Chaotic Eclipse’s exploit series (2026)
Since April 2026, the researcher has published the following series of uncoordinated exploits:
| Name | CVE | Component | Status |
|---|---|---|---|
| BlueHammer | CVE-2026-33825 | Microsoft Defender | Patched, exploited in the wild |
| RedSun | CVE-2026-41091 | Microsoft Defender | Silently patched, exploited in the wild |
| UnDefend | CVE-2026-45498 | Microsoft Defender | Patched, exploited in the wild |
| YellowKey | CVE-2026-45585 | BitLocker | Patched in June 2026 |
| GreenPlasma | CVE-2026-45586 | Windows CTFMON | Patched in June 2026 |
| MiniPlasma | (no public CVE) | Unspecified | Under investigation |
| RoguePlanet | (no CVE assigned) | Microsoft Defender | Unpatched. Disclosed 06/10/2026 |
| GreatXML | (no CVE assigned) | BitLocker | Unpatched. Disclosed 06/11/2026 |
Additionally, the researcher has announced the intention to disclose an exploit related to the application of WHCP (Windows Hardware Compatibility Program) drivers from April 2026.
The dispute with Microsoft
Chaotic Eclipse detailed the grievances motivating the public disclosures:
- Revocation of their Microsoft Security Response Center (MSRC) account, blocking the submission of reports through official channels
- Rejection of previously submitted vulnerability reports
- Lack of financial compensation for identified vulnerabilities
- Actions the researcher characterizes as defamation and misuse of Microsoft’s ownership of GitHub to remove their repositories and accounts
In response to the GitHub and GitLab removals, the researcher announced the development of alternative hosting infrastructure at git.projectnightcrawler.dev.
Microsoft’s public stance
In late May 2026, the Microsoft Security Response Center published a blog post titled “A Shared Responsibility: Protecting Customers Through Coordinated Vulnerability Disclosure”, in which it:
- Characterized uncoordinated public disclosures as acts that put customers at “unnecessary risk”
- Described how its security teams have worked around the clock since the disclosures to develop patches and protect customers from threat actors who have adopted the published exploits
- Reaffirmed the Coordinated Vulnerability Disclosure (CVD) model as the industry standard
- Clarified it has no intention of pursuing legal action against researchers for publishing security research, but will work with authorities when malicious activity causes real harm to customers
Mitigation and Detection
In the absence of an official patch at the time of disclosure, organizations must implement an active mitigation strategy based on visibility and environment hardening.
Immediate defensive remediation recommendations
Monitoring Microsoft Defender child processes:
- Configure rules in your SIEM and EDR solution to alert on any child process spawned directly by `MsMpEng.exe`. Under normal operating conditions, this process should not generate command interpreter instances such as `cmd.exe`, `powershell.exe`, `wscript.exe`, or `cscript.exe`.
- Implement the following detection logic in tools such as Microsoft Sentinel, Splunk, or Elastic SIEM:

```
ParentProcessName: MsMpEng.exe
ChildProcessName: (cmd.exe OR powershell.exe OR pwsh.exe)
IntegrityLevel: System
```

- Enable process creation auditing (Audit Process Creation) via Group Policy to log all launched processes in the Event Log (ID 4688), including the full command line.
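The detection logic above, worked into a host-side PowerShell triage script. This is an added example, not code from the original article or from the RoguePlanet repository. It reads Security event ID 4688 records (whose EventData carries `ParentProcessName`, `NewProcessName`, `MandatoryLabel`, `SubjectUserName` and, only when the “Include command line in process creation events” policy is on, `CommandLine`) and applies three rules: the `MsMpEng.exe` child-interpreter rule from the text, `wermgr.exe` running from anywhere other than System32, and a SYSTEM-integrity `conhost.exe` whose parent is `wermgr.exe` (the task chain described in the exploitation section). The function names, the assumed default path `C:\Windows\System32\wermgr.exe`, and the sample records at the bottom are assumptions constructed here; `S-1-16-16384` is the standard System Mandatory Level SID.

```powershell
# Added example, not code from the original article or the RoguePlanet PoC.
# Applies the article's MsMpEng.exe child-process rule (plus the wermgr.exe path
# hijack indicators) to Windows Security event 4688 records. Field names are the
# standard 4688 EventData fields; sample records below are constructed.

$Interpreters   = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe')
$SystemLabel    = 'S-1-16-16384'                      # "System Mandatory Level" SID
$ExpectedWermgr = 'C:\Windows\System32\wermgr.exe'    # assumption: default install path

function Test-DefenderChildProcess {
    # Evaluates one 4688 record (a hashtable of EventData fields).
    # Returns a finding object when any rule fires, otherwise $null.
    param([Parameter(Mandatory)][hashtable]$Event)

    $parent  = [System.IO.Path]::GetFileName([string]$Event.ParentProcessName)
    $child   = [System.IO.Path]::GetFileName([string]$Event.NewProcessName)
    $reasons = @()

    # Rule A: Defender's engine should never spawn a command interpreter.
    if ($parent -ieq 'MsMpEng.exe' -and $Interpreters -contains $child) {
        $reasons += 'MsMpEng.exe spawned a command interpreter'
    }
    # Rule B: wermgr.exe running from any path other than System32.
    if ($child -ieq 'wermgr.exe' -and $Event.NewProcessName -ine $ExpectedWermgr) {
        $reasons += 'wermgr.exe started from an unexpected location'
    }
    # Rule C: a System-integrity console host whose parent is wermgr.exe
    # (QueueReporting -> wermgr.exe -> conhost.exe chain from the article).
    if ($child -ieq 'conhost.exe' -and $parent -ieq 'wermgr.exe' -and
        $Event.MandatoryLabel -eq $SystemLabel) {
        $reasons += 'SYSTEM-integrity conhost.exe spawned by wermgr.exe'
    }

    if ($reasons.Count -eq 0) { return $null }
    [pscustomobject]@{
        Time        = $Event.TimeCreated
        User        = $Event.SubjectUserName
        Parent      = $Event.ParentProcessName
        Child       = $Event.NewProcessName
        CommandLine = $Event.CommandLine
        Reasons     = ($reasons -join '; ')
    }
}

function Get-Defender4688Findings {
    # Pulls live 4688 events from the Security log (requires "Audit Process Creation"
    # and an elevated session) and runs each record through the rules above.
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{ TimeCreated = $_.TimeCreated }
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        Test-DefenderChildProcess -Event $data
    }
}

# Constructed sample records for an offline run (paths and times are illustrative).
$Samples = @(
    @{ TimeCreated = '2026-06-11T09:14:02'; SubjectUserName = 'SYSTEM'
       ParentProcessName = 'C:\ProgramData\Microsoft\Windows Defender\Platform\x.y.z\MsMpEng.exe'
       NewProcessName = 'C:\Windows\System32\cmd.exe'; MandatoryLabel = 'S-1-16-16384'
       CommandLine = 'cmd.exe /c whoami' },
    @{ TimeCreated = '2026-06-11T09:14:05'; SubjectUserName = 'SYSTEM'
       ParentProcessName = 'C:\Windows\System32\svchost.exe'
       NewProcessName = 'C:\Users\alice\AppData\Local\Temp\RP_1\wermgr.exe'
       MandatoryLabel = 'S-1-16-16384'; CommandLine = 'wermgr.exe -queuereporting' },
    @{ TimeCreated = '2026-06-11T09:20:11'; SubjectUserName = 'alice'
       ParentProcessName = 'C:\Windows\explorer.exe'
       NewProcessName = 'C:\Windows\System32\notepad.exe'; MandatoryLabel = 'S-1-16-8192'
       CommandLine = 'notepad.exe' }
)
$Samples | ForEach-Object { Test-DefenderChildProcess -Event $_ } | Format-Table -AutoSize
```

Run as-is, the script flags the first two constructed records and ignores the third; on a live host, `Get-Defender4688Findings -Hours 72` performs the same evaluation over real Security-log data. Rule B is the one worth tuning: the legitimate `wermgr.exe` lives only in System32, so any other location is a high-signal hit, while Rule A should be compared against the SIEM query in the text so both layers agree on the interpreter list.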
Restricting ISO image mounting by standard users:
- Since the current exploitation vector requires a standard user to mount an ISO image, applying Group Policy or AppLocker restrictions on the ability to mount disk images can be a high-impact, low-cost compensating mitigation.
Local policy hardening:
- Enable Attack Surface Reduction (ASR) rules in Microsoft Defender for Endpoint, particularly those blocking process creation from PSExec/WMI and providing advanced ransomware protection.
- Apply restrictions via Windows Defender Application Control (WDAC) or AppLocker to limit which executables can be launched from the security services context.
- Implement LSA Protection (`RunAsPPL`) and ensure critical system services operate under Protected Process Light environments.
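One way to apply the ISO-mount restriction and the local policy hardening steps from the two lists above on a single host, as an added PowerShell example (not the article’s or Microsoft’s code). It assumes the Explorer “Mount” verb for disk images is registered under `HKLM:\SOFTWARE\Classes\Windows.IsoFile\shell\mount` and `Windows.VhdFile\shell\mount` (verify the ProgIDs on your build), and uses the documented ASR rule GUIDs for “Block process creations originating from PSExec and WMI commands” and “Use advanced protection against ransomware”. The function names are made up here.

```powershell
# Added example, not code from the original article. Applies three hardening
# controls from the article on one host. Assumptions: the Explorer "mount" verb
# key paths, and that the two ASR GUIDs below are the documented rule ids.
# Run elevated and test in a lab first; every function supports -WhatIf.

# 1. Hide the Explorer "Mount" verb for .iso/.vhd so a standard user can no longer
#    mount an image by double-click or context menu. This is an Explorer-level control
#    only: Mount-DiskImage and the VirtDisk API remain callable, so pair it with
#    AppLocker/WDAC policy on the tools that use them.
function Disable-ExplorerImageMount {
    [CmdletBinding(SupportsShouldProcess)]
    param([string[]]$ProgIds = @('Windows.IsoFile', 'Windows.VhdFile'))  # assumption: verify ProgIDs
    foreach ($progId in $ProgIds) {
        $key = "HKLM:\SOFTWARE\Classes\$progId\shell\mount"
        if (-not (Test-Path $key)) { Write-Verbose "$key not present, skipping"; continue }
        if ($PSCmdlet.ShouldProcess($key, 'Add ProgrammaticAccessOnly')) {
            # An empty REG_SZ named ProgrammaticAccessOnly removes the verb from the shell UI.
            New-ItemProperty -Path $key -Name 'ProgrammaticAccessOnly' -Value '' `
                -PropertyType String -Force | Out-Null
        }
    }
}

# 2. Enable the two ASR rules named in the article, in Block mode.
function Enable-DefenderAsrRules {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $rules = @{
        'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI commands'
        'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    }
    foreach ($id in $rules.Keys) {
        if ($PSCmdlet.ShouldProcess($rules[$id], 'Enable ASR rule')) {
            Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
        }
    }
}

# 3. Turn on LSA Protection (RunAsPPL); takes effect after a reboot.
function Enable-LsaProtection {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    if ($PSCmdlet.ShouldProcess($key, 'Set RunAsPPL = 1')) {
        Set-ItemProperty -Path $key -Name 'RunAsPPL' -Value 1 -Type DWord
    }
}

function Get-HardeningState {
    # Reports the state of each control so the change can be verified afterwards.
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    $on   = for ($i = 0; $i -lt $ids.Count; $i++) { if ($acts[$i] -eq 1) { $ids[$i] } }   # 1 = Block
    [pscustomobject]@{
        IsoMountVerbHidden  = $null -ne (Get-ItemProperty 'HKLM:\SOFTWARE\Classes\Windows.IsoFile\shell\mount' `
                                  -Name ProgrammaticAccessOnly -ErrorAction SilentlyContinue)
        AsrRulesInBlockMode = @($on)
        RunAsPPL            = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
                                  -Name RunAsPPL -ErrorAction SilentlyContinue).RunAsPPL
    }
}

# Dry run first, then inspect the resulting state.
Disable-ExplorerImageMount -WhatIf
Enable-DefenderAsrRules    -WhatIf
Enable-LsaProtection       -WhatIf
Get-HardeningState
```

Drop the `-WhatIf` switches to apply the changes. The verb change narrows the double-click path a standard user would take; it does not remove the mounting capability from the OS, which is why the article pairs it with AppLocker/WDAC, and `Get-HardeningState` is the check to run after the reboot that `RunAsPPL` requires.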
Endpoint activity auditing while awaiting the official patch
- Review Windows Event Viewer logs, paying special attention to Event IDs 4688 (process creation) and 4672 (special privilege assignment), filtered by the `NT AUTHORITY\SYSTEM` context.
- Monitor Event ID 1102 (audit log cleared) as an indicator of possible post-exploitation cover-up.
- Monitor for unusual I/O activity and process creation during Defender scan operations on mounted media (ISO, VHD, VHDX).
- Watch for `QueueReporting` scheduled task executions that occur shortly after Defender scan/remediation events, reparse point changes, or ISO attachment — correlating these with `conhost.exe`, `wermgr.exe`, or unsigned executables running from temp-created working paths.
- Alert on Defender detections and actions involving `%TEMP%\RP_*`, ADS syntax, or unexpected `wermgr.exe` locations.
- Subscribe to MSRC channels and the Microsoft Update portal for out-of-band patch notifications.
- Monitor the CISA KEV (Known Exploited Vulnerabilities) catalog, as analysts anticipate vulnerabilities from the Chaotic Eclipse series will be added in the coming days.
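A single-host hunt for the artifacts listed above, as an added PowerShell example (not code from the original article or the RoguePlanet repository). It enumerates reparse points in user-writable locations whose target resolves under `%SystemRoot%`, `%TEMP%\RP_*` working directories and any alternate data streams inside them, copies of `wermgr.exe` outside System32 with their Authenticode status, mounted virtual DVD drives, and the last run time of the `QueueReporting` task, then correlates reparse-point creation with that run. The search roots, the six-level depth limit, the ten-minute correlation window and the assumption that mounted ISOs show a WMI caption containing “Virtual” are choices made here, not from the article.

```powershell
# Added example, not code from the original article or the RoguePlanet repository.
# Single-host hunt for the post-exploitation artefacts the article lists.
# Assumptions made here: search roots, depth limit, correlation window, and the
# "Virtual" caption match for mounted ISO images.

$HuntRoots = @($env:TEMP, "$env:SystemDrive\Users", $env:ProgramData) |
    Where-Object { $_ -and (Test-Path $_) }

function Get-SuspiciousReparsePoints {
    # Junctions/symlinks in user-writable locations whose target lands under %SystemRoot%.
    param([string[]]$Roots = $HuntRoots, [string]$ProtectedRoot = $env:SystemRoot)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -Depth 6 -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
            ForEach-Object {
                $target = @($_.Target)[0]                        # Windows PowerShell 5.1
                if (-not $target) { $target = $_.LinkTarget }    # PowerShell 7+
                $target = "$target" -replace '^\\\?\?\\', ''     # strip NT "\??\" prefix if present
                if ($target -and $target -like "$ProtectedRoot*") {
                    [pscustomobject]@{ Path = $_.FullName; Target = $target; Created = $_.CreationTime }
                }
            }
    }
}

function Get-RpWorkingDirs {
    # %TEMP%\RP_* directories (indicator from the article) and files carrying alternate data streams.
    Get-ChildItem -Path $env:TEMP -Directory -Filter 'RP_*' -ErrorAction SilentlyContinue | ForEach-Object {
        $ads = Get-ChildItem $_.FullName -Recurse -File -ErrorAction SilentlyContinue |
            Get-Item -Stream * -ErrorAction SilentlyContinue | Where-Object { $_.Stream -ne ':$DATA' }
        [pscustomobject]@{ Path = $_.FullName; Created = $_.CreationTime; AltStreams = @($ads).Count }
    }
}

function Get-StrayWermgr {
    # Any wermgr.exe outside System32, with its Authenticode signature status.
    param([string[]]$Roots = $HuntRoots)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -Depth 6 -Force -File -Filter 'wermgr.exe' -ErrorAction SilentlyContinue |
            Select-Object FullName, CreationTime,
                @{ n = 'Signature'; e = { (Get-AuthenticodeSignature $_.FullName).Status } }
    }
}

function Get-VirtualDvdDrives {
    # Mounted ISO images surface as virtual DVD-ROM devices (caption match is an assumption).
    Get-CimInstance Win32_CDROMDrive | Where-Object { $_.Caption -match 'Virtual' } |
        Select-Object Drive, Caption, VolumeName
}

function Invoke-RoguePlanetHostHunt {
    # Correlates reparse-point creation with the last QueueReporting run, as the article suggests.
    param([int]$WindowMinutes = 10)
    $task = Get-ScheduledTaskInfo -TaskName 'QueueReporting' `
        -TaskPath '\Microsoft\Windows\Windows Error Reporting\' -ErrorAction SilentlyContinue
    $rps  = @(Get-SuspiciousReparsePoints)
    $near = @($rps | Where-Object {
        $task -and [math]::Abs(($_.Created - $task.LastRunTime).TotalMinutes) -le $WindowMinutes })
    [pscustomobject]@{
        QueueReportingLastRun    = $task.LastRunTime
        ReparsePointsIntoWindows = $rps
        ReparseNearTaskRun       = $near.Count
        RpWorkingDirs            = @(Get-RpWorkingDirs)
        StrayWermgr              = @(Get-StrayWermgr)
        VirtualDvdDrives         = @(Get-VirtualDvdDrives)
    }
}

Invoke-RoguePlanetHostHunt | Format-List
```

Run it elevated so the walk can read other users’ profiles. A non-zero `ReparseNearTaskRun` is the correlation the article asks for (a junction into the Windows directory created within minutes of a `QueueReporting` run); a stray `wermgr.exe` whose signature status is anything other than `Valid` is the strongest single indicator in the output.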
Summary
RoguePlanet represents a particularly troubling threat category: the conversion of defensive tools themselves into active attack vectors. Key executive takeaways for organizations:
- The trust perimeter has collapsed inward. The premise that “if the antivirus is running, we are protected” is directly challenged. Native security solutions must be treated under a zero trust philosophy and monitored with the same rigor as any user-facing application.
- The corporate impact is critical and multidimensional. An attacker who has already compromised a workstation with low privileges could escalate to `SYSTEM` and proceed with lateral movement, credential dumping, or disabling security telemetry. The situation is compounded by the researcher’s declaration of additional, still-undisclosed vulnerabilities in Defender and other components.
- Behavior-based detection is the first and most viable defensive line. Since blocking the flaw at signature level is not viable until a patch exists, organizations must prioritize detection of anomalous post-exploitation behavior over exclusive reliance on known-malicious artifact detection.
- Urgent review of layered defense strategy. This incident underscores the importance of not relying on a single security solution. The complementary deployment of third-party EDR solutions, active SIEM monitoring, and rigorous application of the least privilege principle remain indispensable pillars of a resilient security posture.
References
Lakshmanan, R. (2026, June 10). Microsoft Defender RoguePlanet zero-day grants SYSTEM access on updated Windows. The Hacker News. https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html
Zorz, Z. (2026, June 10). Record Microsoft Patch Tuesday, fresh zero-day. Help Net Security. https://www.helpnetsecurity.com/2026/06/10/microsoft-patch-tuesday-rogueplanet/
Paganini, P. (2026, June 10). Chaotic Eclipse unveils RoguePlanet exploit targeting fully patched Windows. Security Affairs. https://securityaffairs.com/193436/security/chaotic-eclipse-unveils-rogueplanet-exploit-targeting-fully-patched-windows.html
Paganini, P. (2026, June 11). Chaotic Eclipse strikes again: New zero-day unlocks BitLocker in four hours of research. Security Affairs. https://securityaffairs.com/193516/security/chaotic-eclipse-strikes-again-new-zero-day-unlocks-bitlocker-in-four-hours-of-research.html
Nightmare Eclipse. (2026, June 9). RoguePlanet, a quick history [Cryptographically signed blog post]. Nightmare Eclipse Blog. https://deadeclipse666.blogspot.com/2026/06/rogueplanet-quick-history.html