EXECUTIVE SUMMARY:
CVE-2026-50656, with a CVSS score of 7.8, is a Microsoft Defender zero-day vulnerability, known as RoguePlanet, that affects fully patched Windows 10 and Windows 11 systems. The flaw exploits a race condition in the Microsoft Malware Protection Engine, enabling attackers to obtain SYSTEM-level privileges and execute elevated command prompts. It exploits released that the vulnerability can be exploited regardless of whether Microsoft Defender's real-time protection is enabled, although success rates may vary between systems. Microsoft has acknowledged the issue and confirmed that it is developing a security update to address the vulnerability. The disclosure is part of an ongoing dispute between the researcher and Microsoft over vulnerability disclosure and bug bounty practices, while several previously disclosed Windows zero-day vulnerabilities have already been addressed by Microsoft.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
CVE-2026-50656, with a CVSS score of 7.8, is a Microsoft Defender zero-day vulnerability, known as RoguePlanet, that affects fully patched Windows 10 and Windows 11 systems. The flaw exploits a race condition in the Microsoft Malware Protection Engine, enabling attackers to obtain SYSTEM-level privileges and execute elevated command prompts. It exploits released that the vulnerability can be exploited regardless of whether Microsoft Defender's real-time protection is enabled, although success rates may vary between systems. Microsoft has acknowledged the issue and confirmed that it is developing a security update to address the vulnerability. The disclosure is part of an ongoing dispute between the researcher and Microsoft over vulnerability disclosure and bug bounty practices, while several previously disclosed Windows zero-day vulnerabilities have already been addressed by Microsoft.[emaillocker id="1283"]
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
[/emaillocker]