RoguePlanet PoC yields SYSTEM access on patched Windows
Anonymous researcher Chaotic Eclipse published a PoC for a Microsoft Defender bug that can grant a SYSTEM shell on Windows 10 and 11 with June 2026 updates.
An anonymous researcher using the handle Chaotic Eclipse published a proof-of-concept exploit for a Microsoft Defender vulnerability called RoguePlanet. The PoC, posted under a new GitHub account named “MSNightmare,” can grant a local attacker a shell running with SYSTEM privileges on Windows 10 and Windows 11 desktops updated with the June 2026 Patch Tuesday fixes.
The exploit relies on a race condition. The researcher wrote, “The exploit is a race condition, so it’s a hit or miss,” and noted success rates varied from near 100% on some machines to failures on others. Security researcher Will Dormann posted that it worked on his first attempt.
Testing was performed on consumer Windows 10 and 11 desktops with June 2026 updates applied. Chaotic Eclipse wrote that the PoC does not work on Windows Server in its current form because standard users cannot mount ISO images there, and added that servers could be targeted if the exploit is redesigned. When the exploit succeeds, it delivers a shell with SYSTEM privileges, enabling local execution of code at the highest privilege level.
Chaotic Eclipse previously published PoCs for other Defender flaws tracked as BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498) and RedSun (CVE-2026-41091). The researcher released the RoguePlanet PoC after a dispute with Microsoft over how disclosures were handled and the loss of access to the Microsoft Security Response Center account. The researcher wrote that developing the exploit affected their health and claimed to hold additional memory corruption vulnerabilities in Defender and other components.
Microsoft criticized the public disclosures as unjustified and a risk to customers; the company added that it will not pursue legal action against security researchers broadly and will work with law enforcement when criminal activity causes harm. Microsoft reiterated support for Coordinated Vulnerability Disclosure as the preferred reporting process.
The dispute prompted removals of the researcher’s GitHub and GitLab accounts. Security researcher Kevin Beaumont said Microsoft is using its ownership of GitHub to favor its own products and is involving law enforcement to treat disclosure as criminal behavior.
Earlier Defender vulnerabilities disclosed by the researcher have been observed exploited in the wild. Microsoft and other security teams continue to monitor the disclosed issues and advise coordinated reporting of newly discovered flaws.








