Microsoft-Threatened Researcher Drops Seventh Windows Zero-Day
Security researcher Chaotic Eclipse has publicly released "RoguePlanet," a seventh Windows zero-day exploit, just hours after Microsoft's record-breaking June Patch Tuesday. This vulnerability grants SYSTEM privileges on fully patched Windows 10 and 11 systems, deepening a dispute with Microsoft over previous disclosures. The exploit leverages a race condition in Windows Defender.

Security researcher "Chaotic Eclipse," who previously faced threats from Microsoft, has publicly released a seventh Windows zero-day exploit, dubbed "RoguePlanet." This disclosure came merely hours after the tech giant’s record-setting June Patch Tuesday, reigniting an escalating and contentious public dispute over vulnerability reporting.
The newly revealed RoguePlanet vulnerability grants attackers SYSTEM-level privileges on fully updated Windows 10 and 11 systems. This means that even machines that applied Microsoft’s latest patches remain susceptible to this particular exploit, underscoring a significant challenge in maintaining system security.
Unpacking the RoguePlanet Exploit
RoguePlanet specifically leverages a race condition within Windows Defender's internal processing logic, identified as a Time-of-Check to Time-of-Use (TOCTOU) flaw. This allows an unprivileged user to maliciously redirect a file operation, typically performed by Defender with SYSTEM privileges, to execute attacker-controlled code at the highest possible access level. The researcher noted that while the exploit can be "hit or miss," they achieved a 100% success rate on some test machines.
The viability of RoguePlanet has been independently confirmed by security firm ThreatLocker. Danny Jenkins, CEO of ThreatLocker, stated, "Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described." He also highlighted that implementing application allowlisting could prevent the exploit from successfully executing, offering a potential mitigation strategy.
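The Time-of-Check to Time-of-Use pattern described in this section, shown as an added example that is not from the researcher, ThreatLocker or Microsoft and does not reproduce RoguePlanet. It is a POSIX analogue in Python: one file operation validates a path and then reopens it by name, the other validates the handle it has already opened. The function names, file names and the `between` hook (a constructed stand-in for a concurrent change) are assumptions.

```python
import os
import stat
import tempfile

def write_checked_by_path(path, data, between=lambda: None):
    """Flawed pattern: validate the name, then resolve the name again."""
    st = os.lstat(path)                          # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    between()                                    # window between check and use
    with open(path, "wb") as f:                  # time of use: path is re-resolved
        f.write(data)

def write_checked_by_handle(path, data, between=lambda: None):
    """Hardened pattern: open once, validate the opened object, keep using it."""
    fd = os.open(path, os.O_WRONLY | os.O_NOFOLLOW)  # refuse a symlink as final component
    try:
        st = os.fstat(fd)                        # check is bound to the handle
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise PermissionError("unexpected object")
        between()                                # a swap of the name no longer matters
        os.ftruncate(fd, 0)
        os.write(fd, data)
    finally:
        os.close(fd)

def demo(writer):
    """Return the protected file's content after the name changes mid-operation."""
    with tempfile.TemporaryDirectory() as d:
        work = os.path.join(d, "work.tmp")        # file the operation is meant to touch
        protected = os.path.join(d, "protected")  # file it must never touch
        for p, body in ((work, b"scratch"), (protected, b"original")):
            with open(p, "wb") as f:
                f.write(body)

        def swap():                               # constructed concurrent change
            os.remove(work)
            os.symlink(protected, work)

        writer(work, b"overwritten", between=swap)
        with open(protected, "rb") as f:
            return f.read()
```

`demo(write_checked_by_path)` returns `b"overwritten"` because the write follows the replaced name, while `demo(write_checked_by_handle)` returns `b"original"` because the write stays on the object that was checked.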
A Deepening Feud with Microsoft
This public release marks the latest escalation in a bitter conflict between Chaotic Eclipse and Microsoft. The researcher claims these disclosures are in direct retaliation for Microsoft's aggressive handling of their previous vulnerability reports. This alleged behavior includes threats of criminal prosecution, the invocation of Microsoft's Digital Crimes Unit, and the revocation of Chaotic Eclipse’s access to their Microsoft Security Response Center (MSRC) account. Furthermore, the researcher stated that Microsoft had earlier proof-of-concept exploits removed from both GitHub and GitLab repositories.
Chaotic Eclipse has openly expressed deep frustration with Microsoft's approach, characterizing their actions as "childish games" and accusing the corporation of deliberately causing them distress throughout the disclosure process.
Patch Tuesday's Ironic Aftermath
The timing of RoguePlanet's release is particularly poignant, coming almost immediately after Microsoft's largest-ever June Patch Tuesday. This historic update cycle addressed an unprecedented 200 vulnerabilities, including 33 critical flaws and three zero-days that were already publicly known. However, RoguePlanet's emergence highlights a critical gap: despite this monumental patching effort, fully updated systems are immediately vulnerable to this new threat.
Of the seven zero-days disclosed by Chaotic Eclipse—BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, MiniPlasma, and now RoguePlanet—only GreenPlasma and YellowKey were addressed in the recent Patch Tuesday. This leaves five other vulnerabilities previously reported by the researcher still unpatched, further fueling the ongoing dispute and the immediate risk to Windows users.
The Accelerating Cybersecurity Landscape
This incident underscores a broader trend in cybersecurity: the accelerating pace of vulnerability discovery. Industry analysts suggest that advancements in tools like AI-assisted code auditing are enabling researchers to identify flaws at an unprecedented rate. This creates a challenging environment where even the most comprehensive patching efforts struggle to keep pace with newly emerging threats, effectively placing defenders in a continuous uphill battle against an evolving landscape of vulnerabilities.
With RoguePlanet now publicly detailed, the immediate risk to Windows users persists, emphasizing the urgent need for a multi-layered defense strategy beyond traditional patching. The ongoing saga between Chaotic Eclipse and Microsoft continues to illuminate the complex dynamics of responsible disclosure and corporate responses in the critical cybersecurity domain.
FAQ
Q: What is RoguePlanet and what kind of vulnerability does it exploit?
A: RoguePlanet is the seventh Windows zero-day exploit released by security researcher Chaotic Eclipse. It exploits a race condition, specifically a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, within Windows Defender's internal processing logic, allowing an unprivileged user to gain SYSTEM privileges.
Q: Why did Chaotic Eclipse release this zero-day publicly?
A: Chaotic Eclipse stated that the public disclosures are in retaliation for Microsoft's handling of the vulnerability reporting process. This includes Microsoft allegedly threatening criminal prosecution, invoking its Digital Crimes Unit, revoking the researcher's MSRC account access, and removing earlier exploit repositories from GitHub and GitLab.
Q: How does RoguePlanet impact users who have applied the latest Patch Tuesday updates?
A: RoguePlanet affects fully patched Windows 10 and 11 machines, meaning that even systems updated with Microsoft's record-setting June Patch Tuesday remain vulnerable to this specific zero-day. While Patch Tuesday addressed many issues, RoguePlanet was not among them, and five of Chaotic Eclipse's seven disclosed zero-days remain unpatched.





