Fri, 10 Jul 2026 Kyiv 02:11Berlin 01:11London 00:11 UKR / DE / EN

RoguePlanet Zero-Day: Microsoft Revises Patch

Microsoft has released a new patch for the Windows security vulnerability RoguePlanet (CVE-2026-50656). The update fixes a flaw in the Malware Protection Engine that could grant system privileges.

RoguePlanet Zero-Day: Microsoft Revises Patch
Photo: heise.cloudimg.io

Microsoft has released a new patch for the Windows security vulnerability RoguePlanet (CVE-2026-50656). The update fixes a flaw in the Malware Protection Engine that could grant system privileges.

On Wednesday, Microsoft updated the Windows Malware Protection Engine to permanently close the RoguePlanet vulnerability (CVE-2026-50656, CVSS score 7.8), known since mid-June. The initial patch from June 10 could be bypassed with a trivial change to the proof-of-concept exploit code, allowing attackers to still execute a shell with system privileges.

The flaw affects Windows 10 and 11, as well as Windows Defender and related security solutions. The Malware Protection Engine update is delivered automatically; users with custom configurations should verify the engine version. Systems running version 1.1.26060.3008 or later are considered secure.

RoguePlanet is one of several zero-day vulnerabilities disclosed by researcher “Nightmare Eclipse” over the past three months. Microsoft sharply criticized the approach, citing a lack of coordinated vulnerability disclosure (CVD), and threatened legal action. The researcher rejected the allegations.

Source: www.heise.de