New Windows Defender 0-Day Exploit “RoguePlanet” Grants SYSTEM Access to Attackers
ID: 3f94877f-a4b3-52e1-9e6f-d7d991e6ba54
STIX ID: report--3f94877f-a4b3-52e1-9e6f-d7d991e6ba54
Feed Name: cybersecurityNews.com
**Executive summary:** RoguePlanet, a public proof-of-concept released by researcher "Nightmare Eclipse," exploits a TOCTOU (time-of-check to time-of-use) race condition in Microsoft Defender to spawn a SYSTEM-level shell on fully patched Windows 10 and 11 systems. The author has published multiple Defender-targeting exploits, and prior tooling has been observed in live intrusions, which increases the urgency for organizations to monitor for an emergency patch.
