Breaking 09:02 China condemns new U.S. visa restrictions and warns of reciprocal measures 09:02 U.S. housing market loses momentum as pending home sales decline in June 08:35 Reports raise possibility of delay to 2026 World Cup final over wildfire smoke 08:31 Seven U.S. aid workers quarantine in Kenya after new Ebola travel restrictions 08:30 Donald Trump to attend 2026 FIFA World Cup final between Spain and Argentina 08:15 Trump Accounts program aims to encourage long-term investing for American children 07:58 Iraqi armed group claims to offer reward over threats against Donald Trump 07:15 Trump makes election security a central issue ahead of U.S. midterm elections 20:00 OpenAI investigates reports of AI tool deleting user files without permission 19:15 OnePlus reportedly plans to scale back operations in the U.S. and Europe 18:34 U.S. ammunition stockpile recovery could take years, report says 16:32 Apple explores AI chip acquisitions to strengthen its artificial intelligence infrastructure 14:14 Commemorative Trump dollar coin sparks legal debate ahead of America's 250th anniversary 13:15 Trump defends his first-term economy and Covid-19 response amid renewed debate 13:00 JPMorgan nears historic $1 trillion market valuation 12:42 New York Times challenges Trump administration subpoenas in press freedom dispute 11:44 Musk and Altman reignite AI rivalry amid legal and industry tensions 11:11 US strategic petroleum reserve falls to lowest level since 1983 10:42 Democratic lawmakers show growing support for ending US military aid to Israel 10:21 US defense secretary orders annual testosterone screening for troops over 30 10:05 Iran threatens regional infrastructure after renewed tensions with the United States

New Windows Defender zero-day enables system privileges escalation

Wednesday 10 June 2026 - 11:17
By: Dakir Madiha
New Windows Defender zero-day enables system privileges escalation

A new security flaw has emerged in Microsoft Defender shortly after the release of a major Patch Tuesday update cycle. The vulnerability allows attackers to gain SYSTEM-level privileges on fully updated Windows 10 and Windows 11 machines. The issue stems from a race condition inside Microsoft Defender, exposing systems even after recent security patches were applied.

The exploit, named RoguePlanet, was released as a proof-of-concept by a security researcher known as Nightmare Eclipse. The code demonstrates how local privilege escalation can be achieved on systems that have installed the June 2026 cumulative update KB5094126. Independent security analysis confirmed that the exploit functions as described and can be reproduced under real-world conditions.

ThreatLocker, a cybersecurity company, validated the findings after testing the exploit on updated Windows 11 systems. Its engineers confirmed that the attack can successfully elevate privileges under specific conditions, although execution depends on timing due to the race condition. The company noted that application allowlisting can block the exploit by restricting unauthorized execution paths on affected systems.

The researcher behind RoguePlanet stated that the exploit originally targeted remote code execution through Microsoft Defender handling of SMB share files, but later changes to Microsoft’s API forced a shift toward local privilege escalation. The researcher also described variable success rates across machines, indicating inconsistent exploitation depending on system behavior.

This disclosure is part of a broader campaign that has seen multiple zero-day releases targeting Windows components in recent months. Microsoft’s latest Patch Tuesday addressed more than 200 vulnerabilities, including several previously disclosed flaws. Among them was a privilege escalation issue in Defender that was already known to be actively exploited in the wild, highlighting continued pressure on the company’s security response cycle.

Microsoft initially reacted strongly to the wave of disclosures, suggesting possible legal action against individuals causing harm. The company later reversed its position and returned to a coordinated vulnerability disclosure framework. Despite this shift, the researcher continued publishing additional exploits through independent infrastructure.


  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

Read more

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.