Microsoft Defender 'RoguePlanet' Zero-Day Exploit Exposed, Grants Full SYSTEM Privileges
Security researcher 'Nightmare Eclipse' has publicly released a zero-day exploit targeting Microsoft Defender, dubbed 'RoguePlanet.' The exploit reportedly leverages a race condition in Defender to spawn a SYSTEM-level command prompt on fully patched Windows 10 and 11 systems. Its release came just hours after Microsoft rolled out what is reportedly its largest-ever Patch Tuesday update, which did not address this newly disclosed vulnerability.

Highlights
- Security researcher 'Nightmare Eclipse' publicly released 'RoguePlanet,' a zero-day exploit for Microsoft Defender that grants SYSTEM-level privileges on fully patched Windows 10 and 11.
- The exploit abuses a race condition vulnerability inside Microsoft Defender to spawn a SYSTEM-privileged command prompt, giving attackers complete control of the affected system.
- The disclosure came just hours after Microsoft's record-breaking Patch Tuesday update—the largest in the company's history—which did not include a fix for this vulnerability.
- Because Microsoft Defender is built into Windows and enabled by default, virtually all Windows users are potentially exposed to this threat.
- Microsoft has not yet released an official patch; users are advised to monitor Microsoft's security advisories closely.
Microsoft Defender 'RoguePlanet' Zero-Day Exploit Exposed
A security researcher operating under the handle 'Nightmare Eclipse' has publicly released a new zero-day exploit targeting Microsoft Defender, naming it 'RoguePlanet.'
Scope of Impact
According to reports, the exploit is capable of running on fully updated Windows 10 and Windows 11 systems. It takes advantage of a race condition vulnerability within Microsoft Defender to spawn a command prompt with full SYSTEM-level privileges, effectively granting complete control over the affected machine.
Sensitive Timing Raises Concerns
The timing of the disclosure is particularly notable. The exploit was released just hours after Microsoft patched two previously disclosed security vulnerabilities as part of its monthly security update cycle. That Patch Tuesday release has been described as the largest in Microsoft's history—yet it still failed to address this newly surfaced zero-day.
Security Implications
SYSTEM is the highest privilege level in the Windows operating system. An attacker who obtains SYSTEM access can execute arbitrary code, install malware, and access or modify all system files and user data without restriction.
Because Microsoft Defender is Windows' built-in antivirus solution, virtually all Windows users are potentially at risk. As of this writing, Microsoft has not issued an official patch for this zero-day vulnerability. Users are advised to monitor Microsoft's security advisories closely for further updates.
Sources: Slashdot / BleepingComputer


