This Microsoft Defender zero-day could give hackers unprecedented access to your system

Jun 11, 2026 - 01:13

  • Chaotic Eclipse drops seventh Windows zero‑day, “RoguePlanet,” hours after Patch Tuesday
  • Race‑condition exploit grants SYSTEM privileges; PoC confirmed viable by ThreatLocker
  • Researcher continues public disclosures amid feud with Microsoft, following BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma

Chaotic Eclipse, the mysterious security researcher with a Microsoft grudge, has disclosed another zero-day vulnerability affecting a fully patched Windows 11 device, just hours after Microsoft released its record June Patch Tuesday cumulative update.

This is the seventh zero-day exploit Chaotic Eclipse has disclosed in a matter of months. Called “RoguePlanet”, this bug is described as a “race condition vulnerability” that grants attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.

The researcher published a Proof-of-Concept (PoC) exploit earlier this week in a self-hosted Git repository, after saying that both the GitHub and GitLab repositories hosting earlier work had been removed by Microsoft.

Performing as described

"The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others," they explained.

Security researchers at ThreatLocker confirmed to BleepingComputer that the exploit works, and recorded a video demonstrating it.

"Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described. Organizations using application allowlisting can prevent the exploit from executing, providing an effective layer of protection against this attack," Danny Jenkins, CEO of ThreatLocker, told BleepingComputer.

In early April 2026, Chaotic Eclipse disclosed finding BlueHammer, a Windows Defender privilege escalation vulnerability. At the time, they said they were leaking it because they were unsatisfied with how Microsoft handled vulnerability disclosures.


"They mopped the floor with me and pulled every childish game they could. It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision," they later elaborated.

In the meantime, six more flaws were disclosed: RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma. Microsoft's Patch Tuesday cumulative update this month fixed two of them: GreenPlasma and YellowKey.




Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
