"RoguePlanet" Zero Day MS Defender Privilege Escalation (opens in new tab)

CVE-2026-50656, publicly referred to as "RoguePlanet," is a local elevation of privilege vulnerability in the Microsoft Malware Protection Engine (the core scanning engine used by Microsoft Defender). The flaw allows an attacker with local access to spawn a command shell running with SYSTEM privileges on a fully patched Windows host. Microsoft has acknowledged the issue, rated it "Exploitation More Likely" on its Exploitability Index, and assigned a CVSS 4.0 base score of 7.8. As of June 25, ...