Zero-Day RoguePlanet Exploit Grants SYSTEM Privileges on Fully Patched Windows 10/11
What Happened — Security researcher Chaotic Eclipse released a proof‑of‑concept for the “RoguePlanet” Microsoft Defender zero‑day that leverages a race condition to obtain SYSTEM‑level code execution on Windows 10 and Windows 11 machines that have applied the June 2026 Patch Tuesday updates. The exploit works on fully patched client OSes; a server‑specific variant is believed to exist but was not demonstrated.
Why It Matters for TPRM —
- Even organizations that enforce strict patch‑management can be compromised by a vulnerability that survives the latest Microsoft updates.
- Microsoft Defender is a cornerstone endpoint‑security control; a bypass erodes the trust placed in a third‑party security product.
- Remote‑work and SaaS environments that depend on Windows workstations become a direct attack surface for adversaries seeking privileged access.
Who Is Affected — Enterprises across all sectors using Windows 10/11 desktops or laptops with Microsoft Defender enabled; Managed Service Providers that deploy standardized Windows images; SaaS platforms that run Windows‑based workloads or remote‑desktop services.
Recommended Actions —
- Accelerate deployment of any out‑of‑band patches Microsoft may issue for the RoguePlanet flaw.
- Apply temporary mitigations: disable the vulnerable Defender component or enforce strict application‑control policies (e.g., Windows Defender Application Control).
- Increase monitoring for anomalous SYSTEM‑level process creation, especially processes spawned from ISO‑mount operations.
- Review third‑party contracts for clauses requiring timely remediation of OS‑level vulnerabilities and confirm vendors have a rapid‑response patching process.
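One way to operationalize the monitoring action above, as an added example that is not part of the advisory: a small detector over process-creation records that flags SYSTEM-level processes whose image, or whose parent, lives on a volume other than the fixed system disk (a mounted ISO typically appears as a separate drive letter). The field names, trusted volume list, expected parent list and sample records are constructed assumptions, not values from the advisory.

```python
"""Flag anomalous SYSTEM process creation (added example, not from the advisory).

Records are simplified from the fields a Windows 4688 / Sysmon event 1 would carry.
Assumptions: only C: is a fixed system disk; anything else (mounted ISO, removable
media, UNC share) is untrusted as a source of SYSTEM-level processes.
"""
from dataclasses import dataclass

SYSTEM_ACCOUNT = "NT AUTHORITY\\SYSTEM"
TRUSTED_VOLUMES = {"C:"}  # assumption: the organization's fixed disks
# Assumption: parents that legitimately spawn SYSTEM children in this environment.
EXPECTED_SYSTEM_PARENTS = {
    "C:\\Windows\\System32\\services.exe",
    "C:\\Windows\\System32\\svchost.exe",
    "C:\\Windows\\System32\\wininit.exe",
}
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe"}  # a SYSTEM shell is the PoC's result


@dataclass
class ProcessEvent:
    image: str         # full path of the new process
    parent_image: str  # full path of the creating process
    user: str          # account the new process runs as


def volume_of(path: str) -> str:
    """Drive letter ('E:') or '' for UNC paths, which are never trusted here."""
    return path.split("\\", 1)[0].upper()


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev: ProcessEvent) -> list:
    """Return the list of reasons an event is suspicious; empty means benign."""
    if ev.user.upper() != SYSTEM_ACCOUNT.upper():
        return []  # only SYSTEM-level creation is in scope for this rule
    reasons = []
    if volume_of(ev.image) not in TRUSTED_VOLUMES:
        reasons.append("system_image_on_untrusted_volume")
    if volume_of(ev.parent_image) not in TRUSTED_VOLUMES:
        reasons.append("system_child_of_untrusted_volume_parent")
    if image_name(ev.image) in SHELL_IMAGES and ev.parent_image not in EXPECTED_SYSTEM_PARENTS:
        reasons.append("system_shell_from_unexpected_parent")
    return reasons


def scan(events):
    """Return (event, reasons) pairs for every event that triggers at least one rule."""
    return [(ev, r) for ev in events if (r := classify(ev))]


SAMPLE_EVENTS = [  # constructed sample records
    ProcessEvent("C:\\Windows\\System32\\svchost.exe", "C:\\Windows\\System32\\services.exe", "NT AUTHORITY\\SYSTEM"),
    ProcessEvent("C:\\Windows\\System32\\cmd.exe", "E:\\setup.exe", "NT AUTHORITY\\SYSTEM"),  # E: is a mounted ISO
    ProcessEvent("E:\\setup.exe", "C:\\Windows\\explorer.exe", "CORP\\alice"),
    ProcessEvent("C:\\Windows\\System32\\cmd.exe", "C:\\Windows\\System32\\services.exe", "NT AUTHORITY\\SYSTEM"),
]
```

Running `scan(SAMPLE_EVENTS)` reports only the second record, with both the untrusted-parent-volume and unexpected-parent-shell reasons; tune the trusted volumes and expected parents to your own baseline before deploying.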
Technical Notes — The vulnerability is a race condition in Defender’s path‑redirection handling that can be triggered to gain SYSTEM privileges. No CVE identifier has been assigned yet; the PoC is publicly available on GitHub. Successful exploitation yields a SYSTEM shell, giving attackers unrestricted access to files, credentials, and network resources. Source: Security Affairs