Last month, security researcher Chaotic Eclipse, widely known by the moniker Nightmare-Eclipse, bypassed Windows 11’s BitLocker security using nothing more than a USB stick. Nightmare-Eclipse suggested that Microsoft had “intentionally” embedded a backdoor within the security feature, asserting, “Could have made some insane cash selling this, but no amount of money will stand between me and my determination against Microsoft.”
In response to this revelation, Microsoft swiftly addressed the situation by patching three zero-day exploits disclosed by Nightmare-Eclipse, namely YellowKey, GreenPlasma, and MiniPlasma. The tech giant acknowledged the vulnerability and is currently monitoring the RoguePlanet zero-day exploit, cataloged under CVE-2026-50656. In a statement, Microsoft noted, “Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ‘RoguePlanet.’ We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.”
Understanding the Exploit
The exploit is characterized as a race condition, so its success rate varies from machine to machine. Nightmare-Eclipse reported achieving a 100% success rate on certain devices, while others posed challenges. The proof of concept (PoC) for RoguePlanet works whether or not real-time protection is enabled.
This development arrives on the heels of Microsoft previously promoting Windows 11’s Defender as sufficient for the average PC user. The company had claimed, “Microsoft Defender Antivirus covers everyday risks without requiring additional software,” a statement that sparked considerable debate within the community. Nonetheless, many users echoed Microsoft’s sentiments, with some readers from Windows Central asserting, “It’s not a secret, Windows Defender has been the best or near the best antivirus for years by now. Times when third-party antivirus actually served a purpose are long gone. You’re just slowing down your system and paying for no reason.”
In a subsequent blog post, Microsoft conceded that while Windows 11’s Defender is typically adequate for most users, third-party tools can provide additional layers of security, such as identity monitoring or built-in VPNs.
Meanwhile, the ongoing saga between Nightmare-Eclipse and Microsoft has seen tensions rise, with the company previously contemplating legal action. However, following pushback from the broader cybersecurity community, Microsoft has signaled a shift in its approach, indicating it no longer intends to pursue lawsuits against researchers who share their findings.