{"id":732703,"date":"2026-06-11T06:45:17","date_gmt":"2026-06-11T03:45:17","guid":{"rendered":"https:\/\/buradabiliyorum.com\/en\/the-researcher-microsoft-threatened-just-dropped-a-seventh-windows-zero-day-hours-after-patch-tuesday\/"},"modified":"2026-06-11T06:45:17","modified_gmt":"2026-06-11T03:45:17","slug":"the-researcher-microsoft-threatened-just-dropped-a-seventh-windows-zero-day-hours-after-patch-tuesday","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/the-researcher-microsoft-threatened-just-dropped-a-seventh-windows-zero-day-hours-after-patch-tuesday\/","title":{"rendered":"The researcher Microsoft threatened just dropped a seventh Windows zero-day hours after Patch Tuesday"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a35eff6e2e48\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a35eff6e2e48\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/the-researcher-microsoft-threatened-just-dropped-a-seventh-windows-zero-day-hours-after-patch-tuesday\/#TLDR\" >TL;DR<\/a><\/li><\/ul><\/nav><\/div>\n<div id=\"article-main-content\">\n<div class=\"postContent-tldr\">\n<h4 class=\"postContent-offsetTitle\"><span class=\"ez-toc-section\" id=\"TLDR\"><\/span>TL;DR<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p><em>Chaotic Eclipse dropped RoguePlanet, their seventh Windows zero-day, hours after Microsoft\u2019s record Patch Tuesday. It grants SYSTEM access on fully patched machines.<\/em><\/p>\n<\/div>\n<p>Chaotic Eclipse, the security researcher Microsoft threatened with criminal prosecution, has published a <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.techradar.com\/pro\/security\/this-microsoft-defender-zero-day-could-give-hackers-unprecedented-access-to-your-system\" target=\"_blank\" rel=\"nofollow noopener\">seventh Windows zero-day exploit. <\/a>Called RoguePlanet, it grants attackers SYSTEM privileges on fully patched Windows 10 and 11 machines. The researcher released the proof-of-concept hours after Microsoft shipped its June Patch Tuesday update, which fixed a record 200 vulnerabilities.<\/p>\n<p>RoguePlanet exploits a race condition in Windows Defender\u2019s internal processing logic. Specifically, it is a Time-of-Check to Time-of-Use (TOCTOU) vulnerability. An unprivileged user can redirect a file operation performed by Defender, which runs as SYSTEM, to execute attacker-controlled code at the highest privilege level.<\/p>\n<p>\u201c<em>The exploit is a race condition, so it\u2019s a hit or miss,<\/em>\u201d the researcher said. \u201c<em>I have managed to get a 100% success rate on some machines while it struggled to work on others.<\/em>\u201d<\/p>\n<div class=\"inarticle-wrapper latest channel-cta hs-embed-tnw\">\n<div id=\"hs-embed-tnw\" class=\"channel-cta-wrapper\">\n<div class=\"channel-cta-img\"><img decoding=\"async\" class=\"js-lazy\" src=\"https:\/\/media.thenextweb.com\/hardfork-2018\/uploads\/visuals\/tnw-newsletter.png\"\/><\/div>\n<p><img decoding=\"async\" src=\"https:\/\/media.thenextweb.com\/hardfork-2018\/uploads\/visuals\/tnw-newsletter.png\"\/><\/p>\n<div class=\"channel-cta-input\">\n<p class=\"channel-cta-title\">The \ud83d\udc9c of EU tech<\/p>\n<p class=\"channel-cta-tagline\">The latest rumblings from the EU tech scene, a story from our wise ol&#8217; founder Boris, and some questionable AI art. It&#8217;s free, every week, in your inbox. Sign up now!<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>Security firm ThreatLocker confirmed the flaw works and published a video demonstration. \u201c<em>Our initial analysis confirms that the RoguePlanet exploit is viable and performs as described,<\/em>\u201d said CEO Danny Jenkins. He added that <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>lication allowlisting can prevent the exploit from executing.<\/p>\n<p>The proof-of-concept was published on a self-hosted Git repository after the researcher said Microsoft had both GitHub and GitLab repositories hosting earlier work removed. This is part of an escalating dispute. Microsoft invoked its Digital Crimes Unit against the researcher and revoked access to their Microsoft Security Response Center account.<\/p>\n<p>Chaotic Eclipse has disclosed seven zero-days in a matter of months: BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, MiniPlasma, and now RoguePlanet. Microsoft\u2019s June Patch Tuesday fixed two of them, GreenPlasma and YellowKey, but the rest remain unpatched. The researcher says the disclosures are retaliation for how Microsoft handled the process.<\/p>\n<p>\u201c<em>They mopped the floor with me and pulled every childish <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a> they could,<\/em>\u201d the researcher wrote. \u201c<em>I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer.<\/em>\u201d<\/p>\n<p>The timing is pointed. Microsoft\u2019s June Patch Tuesday was its largest ever, fixing 200 vulnerabilities including 33 rated critical and three publicly disclosed zero-days. Analysts attribute the surge in part to AI-assisted code auditing, which is finding vulnerabilities faster than defenders can patch them. RoguePlanet arriving hours after the record update underscores the gap: even the biggest patch cycle in Microsoft\u2019s history was im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely obsolete for anyone running Windows Defender.<\/p>\n<\/p><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMN63nwsw68G3Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/buradabiliyorum.com\/en\/category\/technology\/\" target=\"_blank\" >Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/chaotic-eclipse-rogueplanet-windows-defender-zero-day\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TL;DR Chaotic Eclipse dropped RoguePlanet, their seventh Windows zero-day, hours after Microsoft\u2019s record Patch Tuesday. It grants SYSTEM access on fully patched machines. Chaotic Eclipse, the security researcher Microsoft threatened with criminal prosecution, has published a seventh Windows zero-day exploit. Called RoguePlanet, it grants attackers SYSTEM privileges on fully patched Windows 10 and 11 machines&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":732704,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/media.thenextweb.com\/2026\/06\/chaotic-eclipse-rogueplanet-windows-defender-zero-day.avif","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-732703","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/732703","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=732703"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/732703\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/732704"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=732703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=732703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=732703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}