The researcher that Microsoft threatened has just released a seventh Windows zero-day shortly after Patch Tuesday.

The researcher that Microsoft threatened has just released a seventh Windows zero-day shortly after Patch Tuesday.

      Chaotic Eclipse has released RoguePlanet, their seventh Windows zero-day exploit, just hours after Microsoft's record-breaking Patch Tuesday. This exploit provides attackers with SYSTEM access on fully updated machines. The security researcher, who faced threats of criminal prosecution from Microsoft, shared the proof-of-concept shortly after Microsoft addressed a historic 200 vulnerabilities in its June Patch Tuesday update.

      RoguePlanet takes advantage of a race condition within Windows Defender’s internal processing logic, specifically a Time-of-Check to Time-of-Use (TOCTOU) vulnerability. An unprivileged user can manipulate a file operation executed by Defender, which operates under SYSTEM privileges, to execute code controlled by the attacker at the highest privilege level.

      “The exploit is a race condition, so it’s a hit or miss,” the researcher explained. “I’ve achieved a 100% success rate on certain machines, while it didn’t work as well on others.” The security company ThreatLocker confirmed the exploit's effectiveness and released a video demonstration. CEO Danny Jenkins stated, “Our initial analysis confirms that the RoguePlanet exploit is viable and works as described,” adding that application allowlisting could block the exploit's execution.

      The proof-of-concept was uploaded to a self-hosted Git repository after the researcher claimed that Microsoft had removed their work from both GitHub and GitLab repositories. This incident is part of a growing conflict, as Microsoft has engaged its Digital Crimes Unit against the researcher and revoked their access to the Microsoft Security Response Center account.

      In recent months, Chaotic Eclipse has disclosed seven zero-day vulnerabilities: BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, MiniPlasma, and now RoguePlanet. Microsoft's June Patch Tuesday addressed two of these—GreenPlasma and YellowKey—while the others remain unpatched. The researcher believes these disclosures are a response to how Microsoft has managed the situation.

      “They mopped the floor with me and resorted to every childish tactic they could,” the researcher wrote. “I was left wondering if I was dealing with a large corporation or someone simply enjoying my distress.”

      The timing is noteworthy, given that Microsoft’s June Patch Tuesday was its largest to date, addressing 200 vulnerabilities, including 33 categorized as critical and three previously disclosed zero-days. Analysts suggest that the increase is partially due to AI-assisted code audits that are identifying vulnerabilities more quickly than they can be fixed. The release of RoguePlanet shortly after the substantial update highlights the ongoing security issues: even the most extensive patch cycle in Microsoft’s history was made obsolete for users running Windows Defender.

Other articles

The trailer for Social Reckoning has been released, and Jeremy Strong seems to be an ideal selection for the role of Mark Zuckerberg. The trailer for Social Reckoning has been released, and Jeremy Strong seems to be an ideal selection for the role of Mark Zuckerberg. Aaron Sorkin is back with The Social Reckoning, a companion work to The Social Network that focuses on the Facebook whistleblower controversy, featuring Jeremy Strong in the role of Zuckerberg. The trailer for Social Reckoning has been released, and Jeremy Strong seems like the ideal candidate to portray Mark Zuckerberg. The trailer for Social Reckoning has been released, and Jeremy Strong seems like the ideal candidate to portray Mark Zuckerberg. Aaron Sorkin makes a comeback with The Social Reckoning, a companion work to The Social Network, focusing on the Facebook whistleblower controversy, featuring Jeremy Strong in the role of Zuckerberg. iOS 27: What We Know About the Upcoming Features Coming to Your iPhone iOS 27: What We Know About the Upcoming Features Coming to Your iPhone The iOS 27 update from Apple introduces enhancements to Siri AI and Apple Intelligence, but the less notable updates to Mail, AirDrop, Photos, Shortcuts, AirPods, and compatibility are equally important. Here’s a summary of everything disclosed about iOS 27. Your Technology, Your Style with JLab: The Case for Affordable Premium Audio Your Technology, Your Style with JLab: The Case for Affordable Premium Audio Whether it's for work calls, exercise, commuting, or leisurely breaks, each part of the day requires different performance from our audio equipment. JLab's newest collection is centered around the straightforward concept that personal technology should conform to our daily lives, rather than the reverse, all while making high-quality features accessible. Paramount is integrating Pluto TV, BET+, and Paramount+ into a single technology platform in anticipation of HBO Max. Paramount is integrating Pluto TV, BET+, and Paramount+ into a single technology platform in anticipation of HBO Max. By mid-2026, Paramount aims to consolidate its streaming technology to reduce expenses, enhance advertising, and create a strategy for integrating HBO Max following the completion of the Warner Bros. merger. A jazz label produced a rendition of an AI-generated song to highlight a crucial issue that the music industry has been neglecting. A jazz label produced a rendition of an AI-generated song to highlight a crucial issue that the music industry has been neglecting. A jazz record label transformed a nameless AI-generated song into a commentary on human creativity and developed a tool to support it.

The researcher that Microsoft threatened has just released a seventh Windows zero-day shortly after Patch Tuesday.

Chaotic Eclipse released RoguePlanet, a Windows Defender zero-day that provides SYSTEM access on fully updated systems, just hours after Microsoft's significant update featuring 200 fixes.