Microsoft shipped an out-of-band (OOB) Malware Protection Engine update, version 1.1.26060.3008, on Thursday 9 July, patching RoguePlanet (CVE-2026-50656) 1. The flaw let a local attacker escalate to SYSTEM, the highest account on a Windows machine, through improper link resolution in Windows Defender, a local privilege escalation (LPE). The fix ships silently through the normal Defender signature channel, so administrators need take no action.
RoguePlanet was the seventh and final zero-day from the researcher known as Nightmare Eclipse since April, closing the series rather than extending it. The fifth in that run landed in June still unpatched. RoguePlanet itself sat public with proof-of-concept code for roughly a month before the fix arrived.
Nightmare Eclipse released working exploits before patches existed, and Microsoft answered with legal threats and account takedowns while the code stayed live on public mirrors 2. Coordinated disclosure depends on both sides trusting the process, and a month of public exploit code against Defender, seven times since April, shows that trust fraying. Defenders absorb the exposure in the gap between drop and patch, which pushes the burden onto compensating controls like application allow-listing and endpoint tamper protection.
