Microsoft feud escalates as researcher drops new Windows zero-day
Summary
Security researcher Nightmare Eclipse has released exploit code for a new Windows zero-day vulnerability, dubbed RoguePlanet. This flaw reportedly affects Microsoft Defender and can grant SYSTEM-level privileges on updated Windows systems. The researcher's actions follow a pattern of publicizing unpatched vulnerabilities and engaging in a public dispute with Microsoft over disclosure practices.
IFF Assessment
The release of a zero-day exploit that can grant SYSTEM-level privileges on Windows systems is detrimental to defenders, as it presents an immediate threat that may not have a readily available patch.
Severity
A SYSTEM-level privilege escalation vulnerability that allows remote code execution (by tricking a user into opening a malicious file) would likely receive a high CVSS score, given its critical impact and potential for widespread exploitation. The attack vector could be local or remote, depending on how access to the SMB server is achieved.
CISA KEV: Listed as actively exploited. Federal patch due: May 06, 2026. Known ransomware use: Unknown.
Defender Context
This article highlights the ongoing risks associated with zero-day vulnerabilities, particularly those that affect widely used security software like Microsoft Defender. Defenders should be vigilant for any indicators of compromise related to this exploit and prioritize patching when Microsoft releases a fix. The researcher's tactics also underscore the importance of understanding and managing vulnerability disclosure disputes.