The Circuitry
THE CIRCUITRYYour one-stop source for all tech news
HOMETODAYNEWSFEEDEVENTS
BOOKMARKS
RSS
© 2026 The Circuitry
About UsSourcesContactCorrectionsPrivacy
  • Today
  • Feed
  • Events
  • Saved
Scroll for more
Verification
VERIFIEDConfidence: HIGH
Source identified
Claims cross-referenced
No discrepancies found
Fact-check summary

BleepingComputer and other outlets confirm Microsoft patched the RoguePlanet Defender zero-day (CVE-2026-50656) via out-of-band Malware Protection Engine update on July 9.

Sourcing
1source

via The Register

The Register · track record
12Stories
100%Verified
1230d
All sources →
Markets
MSFT···

Live quote · not investment advice

Home/Tech/Microsoft patches Nightmare Eclipse's RoguePlanet Defender zero-day
VERIFIEDBy Xavier Rivera· ·1.5 min read

Microsoft patches Nightmare Eclipse's RoguePlanet Defender zero-day

Microsoft has fixed the RoguePlanet zero-day in Defender via an update to the Malware Protection Engine. The patch closes the latest vulnerability publicly disclosed by researcher Nightmare Eclipse, who has sparred with the company over its handling of bug reports all year.

Source:The Register
Post
Microsoft patches Nightmare Eclipse's RoguePlanet Defender zero-day
TL;DRAI · 60 sec read

Microsoft fixed the RoguePlanet zero-day in Microsoft Defender after Nightmare Eclipse published exploit code for CVE-2026-50656. The patch arrived outside Patch Tuesday and requires the latest Malware Protection Engine. It closes the researcher's seventh public zero-day disclosure amid disputes over Microsoft's vulnerability handling.

Microsoft has fixed the RoguePlanet zero-day vulnerability in Microsoft Defender, weeks after security researcher Nightmare Eclipse published exploit code for the flaw.

Microsoft addressed the bug outside its regular Patch Tuesday cycle. The company updated the Microsoft Malware Protection Engine to resolve CVE-2026-50656. Customers must run the latest engine version to receive the protection.
Microsoft addressed the bug outside its regular Patch Tuesday cycle.
The vulnerability first appeared in June when Nightmare Eclipse released technical details and a proof-of-concept exploit. The researcher claimed RoguePlanet could spawn a command prompt with SYSTEM privileges on fully patched Windows 10 and Windows 11 systems by exploiting a race condition in Defender.

The exploit's success depended on precise timing. Nightmare Eclipse described it as a race condition that delivered a 100 percent success rate on some machines but struggled on others. The bug reportedly worked whether or not Defender's real-time protection was enabled.
From The CircuitryThe Feed — live briefs across tech, all day.See what’s happening →
When The Register first reported on RoguePlanet in June, Microsoft said only that it was investigating the claims. The company has now completed that probe and issued the fix but has not explained the technical changes or confirmed any real-world exploitation beyond the published proof-of-concept.
RoguePlanet marks the seventh zero-day publicly disclosed by Nightmare Eclipse since April.
RoguePlanet marks the seventh zero-day publicly disclosed by Nightmare Eclipse since April. The researcher, who claims to be a former Microsoft employee, has conducted an increasingly acrimonious campaign against the company's vulnerability disclosure and bug bounty programs. Nightmare Eclipse has accused Microsoft of ignoring reports, deleting submission accounts, and treating independent researchers with contempt.

Microsoft initially warned that publishing exploit code could carry legal consequences. Security researchers pushed back, prompting the company to clarify it had no intention of pursuing action against legitimate security research. The researcher also alleged that Microsoft removed RoguePlanet proof-of-concept repositories from GitHub and GitLab before the code moved to a self-hosted location.
With the patch for CVE-2026-50656 now live, Microsoft has closed every public zero-day disclosed by Nightmare Eclipse earlier this year.

EXPERT TAKE

The quiet engine update rather than a Patch Tuesday release suggests Microsoft treated the race condition as a targeted Defender fix, though the lack of technical detail leaves defenders without clear guidance on detection or mitigation steps.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported
DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE
From The Circuitry

See what’s happening right now

The Feed runs all day — short, verified briefs the moment they break.

Open the Feed →
From The Circuitry

Follow @thecircuitry_

Every story we publish, as it happens. No noise between.

Follow on X ↗On Bluesky ↗

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee
MicrosoftSecurityZero-DayVulnerability
More fromThe Register
  • SAP ends EU antitrust probe by dropping legacy support fees

    Tech · 1h
  • Telstra outage disrupts emergency calls, trains and payments

    Tech · 1d
  • Moody Bible Institute breach leaves 2.3M accounts needing salvation, says cyber expert

    Tech · 3d
More inTech
  • Toyota postpones 2027 Highlander BEV output

    Tech · 53m
  • OpenAI Debuts GPT-5.6 Models and ChatGPT Work Agent

    Tech · 1h
  • Microsoft to expand Patch Tuesday security releases with AI

    Tech · 1h
SupportThe Work

The Circuitry is reader-supported. If you find the daily brief useful, you can buy me a coffee to keep it going.

Buy a coffee →
SubscribeCircuitry Brief

Daily brief at 7 AM ET. Top tech stories, every morning.

MORE IN TECH

Toyota postpones 2027 Highlander BEV output

Toyota is pushing back output of its initial three-row battery-electric SUV, the 2027 Highlander BEV, and will keep the existing gasoline and hybrid Highlander models on sale longer while three new electric SUVs gain U.S. traction.

OpenAI Debuts GPT-5.6 Models and ChatGPT Work Agent

OpenAI has now made its GPT-5.6 family of models public at the same time it introduced the ChatGPT Work agent, arriving two days after Anthropic expanded its competing Claude Cowork service. The overlapping launches highlight an intensifying race between the companies to equip non-technical staff with automated document tools.

Microsoft to expand Patch Tuesday security releases with AI

Microsoft is expanding the number of fixes delivered in each Patch Tuesday release for Windows 11 by using AI to surface potential security issues earlier. The adjustment comes amid rising AI-assisted vulnerability hunting and exploitation by both attackers and security researchers.