
Microsoft Races to Fix ‘RoguePlanet’ Zero-Day Flaw

Summary

– Public PoC code exploits a race condition in Microsoft Defender to gain System privileges.
– Microsoft is developing a patch for the ‘RoguePlanet’ zero-day vulnerability.

Microsoft is actively developing a fix for a zero-day vulnerability in its Microsoft Defender antivirus platform, after a public proof-of-concept (PoC) exploit surfaced that weaponizes a race condition to gain elevated system access. The flaw, tracked internally and now known as ‘RoguePlanet’, allows an attacker to spawn a command prompt with full System-level privileges, bypassing standard user restrictions.

The exploit code, released publicly, targets a timing gap within Defender’s process handling. By manipulating this race condition, an unprivileged user can escalate their rights to the highest Windows security level. This effectively hands over complete control of the affected machine, enabling actions such as installing malware, altering system files, or disabling security features.

Security researchers have confirmed that the attack vector does not require any user interaction beyond the initial exploitation of the vulnerable component. The flaw resides in how Defender manages concurrent access to certain system resources, creating a window for privilege escalation.

Microsoft has acknowledged the issue and stated that a security patch is being prepared. While no specific release date has been given, the company is likely to prioritize this fix given the public availability of working exploit code. In the interim, organizations are advised to monitor for unusual system behavior and apply any pending Defender updates as soon as they are available.

This incident highlights the persistent challenge of zero-day vulnerabilities in endpoint protection software, where even trusted security tools can become attack vectors.

(Source: Securityweek.com)
