iGEN
Visit IGEN World Explore IGEN Expo
EXPLORE UPGRADE PLANS
BREAKING
Telegram Blocked in India for NEET Exam, But Remains Accessible via VPN FTAs, Agri-Start-ups and FPOs to Drive Next Phase of Farm Export Growth: APEDA Chief India's mango exports reach 45 countries; US shipments likely to grow over 30% this season: APEDA MSC denies report of Hapag-Lloyd acquisition talks; carrier says claim 'not true or correct' Tin Prices Poised to Rule Elevated in 2026 on Semiconductor Demand and Supply Disruptions India must boost oilseed yields to cut edible oil imports, SEA chief says India Air Freights 5 Tonnes of Medical Aid to Afghanistan Under Humanitarian Assistance Tsakos Joins Greek Capesize Ordering Wave at Hengli Heavy Industries How US quietly kept Gulf crude moving despite Iran's Hormuz blockade Rupee Rebounds 31 Paise to 94.29 as Easing Oil, Dollar Index Boost Sentiment Telegram Blocked in India for NEET Exam, But Remains Accessible via VPN FTAs, Agri-Start-ups and FPOs to Drive Next Phase of Farm Export Growth: APEDA Chief India's mango exports reach 45 countries; US shipments likely to grow over 30% this season: APEDA MSC denies report of Hapag-Lloyd acquisition talks; carrier says claim 'not true or correct' Tin Prices Poised to Rule Elevated in 2026 on Semiconductor Demand and Supply Disruptions India must boost oilseed yields to cut edible oil imports, SEA chief says India Air Freights 5 Tonnes of Medical Aid to Afghanistan Under Humanitarian Assistance Tsakos Joins Greek Capesize Ordering Wave at Hengli Heavy Industries How US quietly kept Gulf crude moving despite Iran's Hormuz blockade Rupee Rebounds 31 Paise to 94.29 as Easing Oil, Dollar Index Boost Sentiment
Home ›› Technology ›› Cybersecurity ›› Microsoft Defender Zero-Day Exploit Threatens System Security
iGEN
Technology Cybersecurity

Microsoft Defender Zero-Day Exploit Threatens System Security

A newly disclosed zero-day vulnerability in Microsoft Defender, named 'RoguePlanet', allows attackers to gain SYSTEM privileges on Windows 10 and 11. Security researcher Chaotic Eclipse revealed this exploit, highlighting ongoing tensions with Microsoft over vulnerability disclosures.

iG
iGEN Editorial
June 10, 2026
Microsoft Defender Zero-Day Exploit Threatens System Security

A newly disclosed zero-day vulnerability in Microsoft Defender, named "RoguePlanet", poses a significant threat to system security by allowing attackers to gain SYSTEM privileges on fully patched Windows 10 and Windows 11 devices. This vulnerability was revealed by the security researcher known as Chaotic Eclipse, who has a history of publicly disclosing such exploits due to dissatisfaction with Microsoft's handling of vulnerability reports.

RoguePlanet Exploit Details

The "RoguePlanet" exploit is described as a "race condition vulnerability". According to TechRadar, this type of exploit can be inconsistent, with success rates varying across different machines. ThreatLocker, a cybersecurity firm, confirmed the viability of the exploit and demonstrated its functionality. Danny Jenkins, CEO of ThreatLocker, noted that organizations using application allowlisting can effectively prevent the exploit from executing, providing a crucial layer of protection.

Chaotic Eclipse's Disclosure History

Chaotic Eclipse has previously disclosed six other zero-day vulnerabilities, including BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma. The researcher has expressed frustration with Microsoft's response to these disclosures, leading to a series of public releases. In the latest Patch Tuesday update, Microsoft addressed two of these vulnerabilities: GreenPlasma and YellowKey.

Implications for Enterprises

The disclosure of the RoguePlanet exploit underscores the importance of robust cybersecurity measures for enterprises. Organizations must ensure that their systems are protected against such vulnerabilities by implementing comprehensive security protocols, including application allowlisting and regular updates. The ongoing feud between Chaotic Eclipse and Microsoft highlights the challenges in vulnerability management and the need for transparent communication between researchers and software vendors.

Vulnerability Status
BlueHammer Disclosed
RedSun Disclosed
UnDefend Disclosed
YellowKey Patched
GreenPlasma Patched
MiniPlasma Disclosed
RoguePlanet Disclosed

The cybersecurity landscape continues to evolve, and enterprises must stay vigilant to protect their systems from emerging threats. The RoguePlanet exploit serves as a reminder of the potential risks posed by zero-day vulnerabilities and the critical need for proactive security measures.

Sources: TechRadar – Main Feed

Keep Reading

Recommended Stories

Linux Kernel Vulnerability: A Single Character Threat Technology

Linux Kernel Vulnerability: A Single Character Threat

A logic inversion bug in the Linux kernel, identified as CVE-2026-23111, allows privilege escalation, affecting major distributions like Debian, Ubuntu, and RHEL. The vulnerability highlights challenges in managing AI-driven bug reports.

June 9, 2026
AI's Role in Accelerating Cyber Vulnerabilities Technology

AI's Role in Accelerating Cyber Vulnerabilities

AI is significantly reducing the time it takes for adversaries to exploit vulnerabilities, challenging traditional cybersecurity defenses. Organizations must shift focus from prevention to resilience to maintain operations.

June 10, 2026
Microsoft Disables 73 GitHub Repos After Malware Breach Technology

Microsoft Disables 73 GitHub Repos After Malware Breach

Microsoft has disabled 73 GitHub repositories after hackers used stolen credentials to plant malware. The breach affected multiple organizations, including Azure, and led to significant disruptions. Microsoft is investigating and has notified affected customers.

June 9, 2026
Oracle Warns of Critical PeopleSoft Vulnerability Exploited by ShinyHunters, Affecting Hundreds of Organizations Technology

Oracle Warns of Critical PeopleSoft Vulnerability Exploited by ShinyHunters, Affecting Hundreds of Organizations

Oracle has issued a security advisory for a critical remote code execution vulnerability (CVE-2026-35273, CVSS 9.8) in PeopleSoft versions 8.61 and 8.62. The extortion group ShinyHunters is exploiting it, claiming to have breached over 100 organizations and exfiltrated data from ~300 instances. Google's Mandiant reported zero-day exploitation between May 27 and June 9, 2026, and alerted over 100 potentially vulnerable entities.

June 15, 2026