
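Microsoft Confirms Defender Zero-Day RoguePlanet
Microsoft has confirmed that it is developing a patch for the Defender zero-day vulnerability RoguePlanet. The flaw is now tracked as CVE-2026-50656, with a CVSS score of 7.8, and is an elevation-of-privilege flaw. The researcher describes it as a race-condition exploit that may yield a shell with SYSTEM privileges, and says the PoC runs whether real-time protection is on or off.
Microsoft has formally disclosed that it is releasing a patch to fix a Defender zero-day vulnerability codenamed RoguePlanet.
The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), and the tech giant describes it as an elevation-of-privilege flaw.
Microsoft said: "Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender, publicly referred to as 'RoguePlanet,'" and the company added: "We are working to provide a high-quality security update that addresses this vulnerability."
The development comes about a week after a security researcher known as Chaotic Eclipse (aka Nightmare-Eclipse) released RoguePlanet and described the exploit as a race condition that can give an attacker a shell with SYSTEM-level privileges.
The researcher noted: "The exploit is a race condition, so it's a hit or miss," and said: "I have managed to get a 100% success rate on some machines while it struggled to work on others."
In an update shared on Tuesday, the researcher added: "I forgot to add one thing, surprisingly, the PoC for RoguePlanet works regardless if real-time protection is on or not, which is hilarious. I think it even works in the case of passive mode, but not really sure, haven't tested that."
Microsoft told The Hacker News last week that it was aware of the reported vulnerability and was "actively investigating the validity and potential applicability of these claims."
RoguePlanet is the fourth Defender vulnerability publicly disclosed by Chaotic Eclipse, following BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498) and RedSun (CVE-2026-41091), all of which have since been patched by Microsoft.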