RoguePlanet (CVE-2026-50656): The Unpatched Defender Race Condition That Spawns a SYSTEM Shell on Fully Updated Windows

A working exploit for the antivirus that ships in every copy of Windows has been public for more than two weeks, and there is still no patch. Run it on a fully updated Windows 11 machine, June 2026 cumulative installed and Microsoft Defender real-time protection switched on, and it returns a command prompt running as NT AUTHORITY\SYSTEM. The component you pay nothing for and trust to catch the intruder is the one handing them the highest privilege on the box.

The bug is tracked as CVE-2026-50656, branded RoguePlanet by the researcher who dropped it. Microsoft has confirmed it, rates it CVSS 7.8, and says only that it is "working to provide a high quality security update that addresses this vulnerability." No date. No workaround. For defenders that leaves an awkward window: a reliable local privilege escalation that works on a patched fleet, with the fix somewhere on an unannounced schedule.

So before you reorganize your week around it, the relevance verdict. If you run Windows 10 or 11 endpoints with Microsoft Defender as the antivirus - which describes most small businesses that never bought a third-party endpoint product - this one is yours. If your fleet runs a third-party endpoint agent with Defender fully disabled, or you are Windows Server only, the published exploit does not target you today, though Microsoft notes the underlying flaw reaches Server through a different path. And this is a privilege escalation, not a way in: the attacker already needs code running on the machine. That single fact decides whether this is an emergency or a queued item, and we will come back to it.

The disclosure campaign behind the bug

RoguePlanet is one entry in a series. It is the latest release from a researcher operating as Nightmare Eclipse (also seen as Chaotic Eclipse), who has been publishing zero-day exploits for Microsoft software since March 2026, openly framing the work as retaliation over a disagreement with the company's disclosure process. The earlier drops each carried their own codename, and the pattern matters more than any single bug.

• RedSun (CVE-2026-41091) and BlueHammer (CVE-2026-33825) - Windows local privilege escalation.
• UnDefend (CVE-2026-45498) - a Defender denial-of-service.
• GreenPlasma - a CTFMON-based privilege escalation.
• YellowKey - a BitLocker bypass through Windows Recovery, which we covered when it landed.

Three of those earlier bugs were seen exploited in real attacks before Microsoft shipped patches. That is the part worth internalizing. Microsoft's own Exploitability Index rates RoguePlanet "Exploitation More Likely," and the track record of this specific author says the gap between a public proof of concept and in-the-wild abuse is short. Reading the current quiet as safety is the mistake the timeline keeps punishing. For the campaign background, see the reporting at SecurityWeek and Security Affairs.

What RoguePlanet actually does

The vulnerability lives in the Microsoft Malware Protection Engine, the scanning core (mpengine) behind the MsMpEng.exe service that runs as SYSTEM on every Defender-protected host. Microsoft classifies it as CWE-59, improper link resolution before file access, triggered through a race condition. In plain terms, it is a time-of-check to time-of-use flaw in how the engine handles files during a privileged operation: the engine checks a path, and by the time it acts on that path the target has been swapped underneath it.

Defender does a great deal of file work as SYSTEM: quarantining flagged files, restoring them, and cleaning them in place. RoguePlanet abuses the narrow window between the engine validating a path and acting on it. Win the race - replace the target with a symbolic link at the right microsecond - and you redirect a SYSTEM-level file write to a location of your choosing. An arbitrary file write running as SYSTEM is one of the most reliable primitives in the local-escalation playbook; getting from there to a SYSTEM shell is standard tradecraft. The public proof of concept does exactly that, spawning a command prompt with full SYSTEM privileges.

Two properties make it hard to shrug off. It works whether or not real-time protection is enabled, so the reflexive "Defender is on, we are covered" assumption does not hold here. And the researcher has noted that small changes to the exploit defeat signature-based mitigation, which means Microsoft cannot quietly smother it with a definition update the way it would a piece of malware; the engine itself has to be fixed. The technical write-up from Morphisec and the reporting at Help Net Security agree on these points.

Why "just patch" does not apply yet

There is nothing to install. When the fix does ship, it will almost certainly arrive the way Defender engine fixes always have: through the antimalware platform and engine update channel, not Windows Update or next month's Patch Tuesday. That channel updates in the background on its own, which is genuinely good news - most environments will pick up the fix without anyone touching an endpoint - but only if the channel is healthy on your machines. A host that has not checked in for a while, or one whose engine update path is blocked by a misconfigured proxy or sits on an isolated segment, will still be exposed after everyone else is covered.

So the concrete pre-patch task is to confirm the update plumbing works and to record the current engine version, so you can prove the fix actually landed later. From an elevated PowerShell prompt, or pushed through your RMM:

# Read the running Defender engine/platform versions and update health.
Get-MpComputerStatus |
  Select-Object AMRunningMode,
                AMProductVersion,
                AMEngineVersion,
                AntivirusSignatureVersion,
                AntivirusSignatureLastUpdated,
                RealTimeProtectionEnabled

# Confirm the automatic update channel is not pinned or fenced off:
Get-MpPreference |
  Select-Object SignatureScheduleDay,
                SignatureUpdateInterval,
                SignatureFallbackOrder

Note the AMEngineVersion and AMProductVersion values and the last update time. When Microsoft ships the RoguePlanet fix the engine version will increment; re-run this and confirm every host moved. If AMRunningMode reads anything other than Normal, or the signature age is several days old, that host is not getting automatic engine updates and needs attention before anything else on this list.

Detection: hunt the aftermath, not the race

You will not catch the race condition itself. It resolves in microseconds and leaves no clean signal of its own. What you can catch is the shape of the attack around it: the post-escalation behavior and the file games that set it up. Two hunt rules are worth standing up today.

SYSTEM shells with a Defender parent

A command interpreter spawned by the Defender engine process, or launched as SYSTEM moments after a Defender remediation, is abnormal on an ordinary workstation. In Microsoft Defender for Endpoint advanced hunting:

// Command shells parented by the Defender engine and running as SYSTEM.
// Baseline out your RMM and management tooling, then alert on the rest.
DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "MsMpEng.exe"
| where FileName in~ ("cmd.exe", "powershell.exe", "pwsh.exe")
| where AccountName =~ "system"
| project Timestamp, DeviceName, AccountName, FileName,
          ProcessCommandLine, InitiatingProcessParentFileName
| sort by Timestamp desc

Tune out anything legitimate that already behaves this way, then alert on what remains. If you do not run Defender for Endpoint, the same logic works against Sysmon Event ID 1 (process create) filtered to a ParentImage ending in MsMpEng.exe, pulled with Get-WinEvent and shipped to whatever collects your logs.

Symlink and junction abuse in Defender's working paths

The exploit plants a link to redirect a privileged write. Creation of symbolic links or directory junctions under C:\ProgramData\Microsoft\Windows Defender by a process that is not itself SYSTEM is a strong signal worth catching. Turn on Sysmon file-create and file-create-stream logging for that tree and review which processes are creating links there. On a healthy endpoint the answer should be almost none.

Contain the blast radius while you wait

Because the escalation is unpatchable this week, the realistic goal is to make a SYSTEM jump worth less to whoever lands it. Remember the verdict from the top: RoguePlanet needs code already running on the box. Everything that makes that first foothold harder, or contains it once it happens, pays off directly against this bug.

Large enterprises ride out a Defender-grade escalation because no single privilege jump is the whole game: standard users by default, application control, tiered administration, and an alert pipeline that a human actually watches. None of that depends on an enterprise budget. The right-sized version for a small team:

• Run daily-driver accounts as standard users, not local administrators. An escalation buys far less when the starting account already lacks admin and this jump is the only one on offer.
• Turn on Microsoft Defender Attack Surface Reduction rules, especially the ones that block Office applications and script engines from spawning child processes - the most common route to that first foothold.
• If you can run Windows Defender Application Control or AppLocker, even in audit-then-enforce mode, do it. It raises the bar on getting unauthorized code running at all.
• Make sure endpoint alerts land somewhere staffed. A SYSTEM-shell detection that nobody reads is the same as no detection.

For a 200-person company with one or two people covering all of IT and security, that is a realistic week of work, and with a public exploit already circulating it is the right week to spend it.

Treat Defender as attack surface until the engine update lands

Do four things before this slides off your radar. Confirm every endpoint is pulling Defender engine and platform updates automatically, and record the current engine version so you can verify the fix later. Push standard-user accounts and ASR rules now, while there is a reason on the calendar to push them. Wire the SYSTEM-shell and symlink detections above into whatever your alerts feed. Then watch AMEngineVersion across the fleet and confirm it moves the day Microsoft ships. The researcher's own history is the argument for doing this before exploitation is confirmed rather than after: on this series, confirmation has tended to arrive late.