A critical Windows 11 and Windows 10 flaw turns Microsoft Defender into a hacker’s best friend

Last month, the cybersecurity landscape was shaken when researcher Chaotic Eclipse, known in the community as Nightmare-Eclipse, successfully bypassed Windows 11’s advanced BitLocker security feature using a simple USB stick. In a bold statement, Nightmare-Eclipse suggested that Microsoft had left a backdoor in the system, claiming, “Could have made some insane cash selling this, but no amount of money will stand between me and my determination against Microsoft.” Following this revelation, Microsoft acted swiftly, patching three zero-day exploits identified by the researcher, which were named YellowKey, GreenPlasma, and MiniPlasma.

Emergence of RoguePlanet

In a recent development, Nightmare-Eclipse unveiled another zero-day vulnerability, dubbed RoguePlanet, which poses a threat to Microsoft Defender on both Windows 11 and Windows 10. This exploit could potentially grant attackers complete control over compromised systems, as reported by Bleeping Computer. Microsoft has acknowledged the vulnerability and is tracking it under the identifier CVE-2026-50656. The company stated, “Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ‘RoguePlanet.’ We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.”

Nightmare-Eclipse has shared a proof-of-concept exploit via a self-hosted Git repository, noting that Microsoft had previously removed the researcher's exploit-hosting repository from GitHub and GitLab. The researcher elaborated on the nature of the exploit, describing it as a race condition that can yield inconsistent results:

“The exploit is a race condition, so it’s a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others. The PoC for RoguePlanet works regardless if real-time protection is on or not.” – Nightmare-Eclipse

This news arrives at a time when Microsoft has been promoting Windows 11’s Defender as a sufficient security solution for most users. The company stated, “Microsoft Defender Antivirus covers everyday risks without requiring additional software.” However, this assertion has sparked debate within the community. While some users agree with Microsoft’s assessment, others express skepticism. A reader from Windows Central remarked, “It’s not a secret, Windows Defender has been the best or near the best antivirus for years by now. Times when third-party antivirus actually served a purpose are long gone. You’re just slowing down your system and paying for no reason.”

In a follow-up blog post, Microsoft acknowledged that while Windows 11’s Defender generally suffices for most users, third-party tools can provide additional layers of protection, such as identity monitoring and built-in VPNs. Meanwhile, the ongoing conflict between Nightmare-Eclipse and Microsoft has seen the tech giant threaten legal action against the researcher. However, in light of backlash from the cybersecurity community, Microsoft has indicated that it no longer intends to pursue lawsuits against researchers who share their findings.
