Home/News/Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The Hacker News2 min read

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

Microsoft Defender experienced a zero-day vulnerability named RoguePlanet, which granted SYSTEM access on updated Windows systems. An anonymous security researcher, known as Chaotic Eclipse or Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for this vulnerability. The exploit operates as a race condition, meaning its success is not guaranteed on every attempt, according to the researcher who published it via a new GitHub account named "MSNightmare." Despite the probabilistic nature, the researcher claimed a 100% success rate in their own testing. This discovery highlights ongoing challenges in securing complex software like Microsoft Defender against sophisticated exploitation techniques. The vulnerability's existence underscores the importance of continuous security monitoring and rapid patching by both software vendors and users to mitigate potential system compromises. The disclosure of such zero-days, even with a proof-of-concept, can alert malicious actors to potential avenues for attack, necessitating swift action from Microsoft to address the flaw and prevent widespread exploitation.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Read next