logo

Windows Defender Vulnerability Exposed as RoguePlanet PoC Spreads Online

ID: 5dd419df-269b-51e7-811a-8f65651bd591

STIX ID: report--5dd419df-269b-51e7-811a-8f65651bd591

Feed Name: The Cyber Express

Threat Score
78/100

Date Published: 2026-06-18

Date Updated: 2026-06-18

Author: Ashish Khaitan

...
...

**Executive summary:** CVE-2026-50656 (RoguePlanet) is a TOCTOU race-condition vulnerability in Microsoft Defender with a CVSS 3.1 base score of 7.8 that enables local attackers to substitute files during scanning to execute payloads as SYSTEM; a public PoC was published on GitHub prior to an available patch. The report covers the exploit mechanics, real-world reliability caveats (race wins and automated retries), likely post-compromise uses (disabling security, credential theft, persistence, lateral movement), and recommended mitigations including EDR detections, least-privilege controls, Attack Surface Reduction rules, blocking known PoC hashes, and applying Microsoft's fix when released.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.