New Windows Defender zero-day enables SYSTEM privilege escalation

Wednesday 10 - 11:17
By: Dakir Madiha
A new security flaw has emerged in Microsoft Defender shortly after the release of a major Patch Tuesday update cycle. The vulnerability allows attackers to gain SYSTEM-level privileges on fully updated Windows 10 and Windows 11 machines. The issue stems from a race condition inside Microsoft Defender, exposing systems even after recent security patches were applied.

The exploit, named RoguePlanet, was released as a proof-of-concept by a security researcher known as Nightmare Eclipse. The code demonstrates how local privilege escalation can be achieved on systems that have installed the June 2026 cumulative update KB5094126. Independent security analysis confirmed that the exploit functions as described and can be reproduced under real-world conditions.

ThreatLocker, a cybersecurity company, validated the findings after testing the exploit on updated Windows 11 systems. Its engineers confirmed that the attack can successfully elevate privileges under specific conditions, although execution depends on timing due to the race condition. The company noted that application allowlisting can block the exploit by restricting unauthorized execution paths on affected systems.

The researcher behind RoguePlanet stated that the exploit originally targeted remote code execution through Microsoft Defender's handling of SMB share files, but later changes to Microsoft's API forced a shift toward local privilege escalation. The researcher also described variable success rates across machines, indicating inconsistent exploitation depending on system behavior.

This disclosure is part of a broader campaign that has seen multiple zero-day releases targeting Windows components in recent months. Microsoft’s latest Patch Tuesday addressed more than 200 vulnerabilities, including several previously disclosed flaws. Among them was a privilege escalation issue in Defender that was already known to be actively exploited in the wild, highlighting continued pressure on the company’s security response cycle.

Microsoft initially reacted strongly to the wave of disclosures, suggesting possible legal action against individuals causing harm. The company later reversed its position and returned to a coordinated vulnerability disclosure framework. Despite this shift, the researcher continued publishing additional exploits through independent infrastructure.

