A critical exploit bypasses Microsoft Defender in Windows 11 and Windows 10 — so much for "everyday risk protection without additional software"
RoguePlanet flaw in Windows Defender gives hackers full control of Windows 10 and Windows 11 devices.
Last month, security researcher Chaotic Eclipse (better known as Nightmare-Eclipse) managed to bypass Windows 11's sophisticated BitLocker security feature using a USB stick. Nightmare claimed that Microsoft "intentionally" left a backdoor in the security feature:
"Could have made some insane cash selling this, but no amount of money will stand between me and my determination against Microsoft." The company has since patched three zero-day exploits published by the security researcher, including YellowKey, GreenPlasma, and MiniPlasma.
More recently, Nightmare-Eclipse disclosed a new zero-day vulnerability dubbed RoguePlanet, which affects Microsoft Defender on both Windows 11 and Windows 10. The exploit could allow attackers to gain full control of affected systems (via Bleeping Computer).
Microsoft acknowledged the vulnerability and indicated that it's tracking the RoguePlanet zero-day exploit under CVE-2026-50656. According to the company:
"Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as "RoguePlanet". We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available."
The security sleuth shared a proof-of-concept exploit in a self-hosted Git repository, further claiming that Microsoft had scrapped its repository hosting exploits on GitHub and GitLab.
"The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others. The PoC for RoguePlanet works regardless if real time protection is on or not."
Nightmare-Eclipse
Perhaps more interestingly, this news comes after Microsoft previously touted Windows 11's Defender as enough for most PC owners. "Microsoft Defender Antivirus covers everyday risks without requiring additional software," the company added.
The statement seemed highly debatable in the community, though many still agreed with Microsoft's sentiments, including some of Windows Central's readers:
"It's not a secret, Windows Defender has been the best or near the best antivirus for years by now. Times when third-party antivirus actually served a purpose are long gone. You're just slowing down your system and paying for no reason."
In a subsequent blog post, Microsoft admitted that while Windows 11's Defender is usually enough for most users, third‑party tools add extra layers of protection, including identity monitoring or built-in VPNs.
Elsewhere, Nightmare-Eclipse and Microsoft had been locked in a months-long battle, with Microsoft even threatening legal action. But after backlash from the wider cybersecurity community, the company signaled it no longer intends to pursue lawsuits against researchers who conduct research or publish their findings.

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.
