Technology

Microsoft rushes fix for Defender zero-day after public disclosure

Microsoft pushed an emergency Defender fix for RoguePlanet after public disclosure, and the patch may create files large enough to fill a drive.

Lisa Park··2 min read
Published
Listen to this article0:00 min
Microsoft rushes fix for Defender zero-day after public disclosure
Source: dedirock.com

Microsoft issued an out-of-band patch on July 9, 2026, for a Microsoft Defender zero-day tracked as CVE-2026-50656 and publicly dubbed RoguePlanet. The flaw sits in the Microsoft Malware Protection Engine, carries an Important rating and a CVSS base score of 7.8, and is tied to CWE-59, improper link resolution before file access. The disclosure followed Microsoft’s June 2026 Patch Tuesday and came from the researcher known as Nightmare Eclipse, also identified in coverage as Chaotic Eclipse.

The practical danger for ordinary Windows users and enterprise fleets is disruption, not theft. Reporting on the fix said the patch may have a side effect that causes Windows machines to write files large enough to consume available disk space, potentially filling a hard drive. That raises the stakes for laptops, desktops, and servers already running close to capacity, where a security update can become an outage if storage is not monitored during deployment.

AI-generated illustration
AI-generated illustration

The exploit details made the emergency response harder to ignore. Coverage said the proof-of-concept worked on fully patched Windows 10 and Windows 11 systems, including machines that had already taken the June 2026 updates. Microsoft said systems with Microsoft Defender disabled are not in an exploitable state, but the company’s own advisory also noted that Defender files remain on disk even when the product is disabled. That means the risk follows the footprint of Defender itself, not just whether a user has toggled the service off.

For IT departments, the patch demanded immediate action outside the normal monthly cycle. Microsoft’s Security Response Center says it investigates reported vulnerabilities and regularly updates malware definitions and engine components, with security intelligence and platform updates able to be pushed manually or by enterprise administrators. That makes this a rollout problem as much as a security one: administrators need to move the engine update quickly, confirm which endpoints still have Defender enabled, and watch storage levels as the fix lands. Delaying until the next Patch Tuesday would leave machines exposed to a publicly demonstrated flaw that was already working against fully patched systems.

The disclosure also extended a public feud that has been building since April 2026. Multiple Nightmare Eclipse findings have been followed by open sparring with Microsoft, with some earlier bugs patched in June and others exploited in the wild before fixes arrived. The RoguePlanet episode adds another crack to that trust gap, because the company moved fast with an emergency patch only after the flaw had already been shared publicly.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More in Technology