Microsoft has shipped a security patch to address a zero-day vulnerability in its Defender antivirus software, tracked as CVE-2026-50656 and dubbed "RoguePlanet." The flaw resides in the Microsoft Malware Protection Engine ("mpengine.dll"), which provides scanning, detection, and cleaning capabilities for the security product. Details of the vulnerability became public nearly a month ago, after the June 2026 Patch Tuesday.
The issue carries a CVSS score of 7.8, indicating high severity. It is a privilege escalation vulnerability that could allow an attacker to gain SYSTEM-level access on an affected system. Active exploitation of the flaw has not been confirmed by Microsoft, but the disclosure of technical details increases the risk of attacks.
Attackers could exploit the vulnerability by convincing a user to open a specially crafted file, which would trigger the Defender engine's scanning process. The malicious file could be delivered via email, web downloads, or other common vectors. Once triggered, the flaw allows the attacker to escalate privileges from a limited user account to SYSTEM, the highest level of access on Windows.
Microsoft has released the patch as part of its latest security update cycle. Users are strongly advised to install the update immediately, as Windows Update will deliver it automatically for those with automatic updates enabled. No workarounds have been published, but keeping Defender signatures up-to-date may reduce some risk until the patch is applied.
The vulnerability was reported through Microsoft's bug bounty program, though the researcher who discovered it has not been publicly named. This is the second Defender zero-day disclosed in 2026, underscoring the growing attention on security products themselves as potential attack surfaces.