
New Flaw Reportedly Found in Microsoft Defender Patch for RoguePlanet
Just days after Microsoft released a security update to fix the critical RoguePlanet zero-day vulnerability, a cybersecurity researcher claims the patch has introduced another serious issue.
According to the researcher known as Nightmare-Eclipse, the update to Microsoft’s Malware Protection Engine contains a flaw that can potentially be abused to fill a victim’s storage drive, creating a denial-of-service (DoS) condition.
A New Vulnerability in the Patch
The original RoguePlanet (CVE-2026-50656) vulnerability allowed attackers to escalate privileges and gain full control of affected Windows systems. Microsoft recently addressed the flaw by updating Microsoft Defender’s scanning engine.
However, Nightmare-Eclipse says the new engine contains an unexpected weakness related to how Defender caches files during malware scanning.
Normally, Microsoft Defender enforces strict file-size limits when scanning and quarantining files to prevent excessive resource usage. According to the researcher, one exception bypasses those safeguards, allowing certain files to be cached locally regardless of their size.
How the Exploit Works
To demonstrate the issue, Nightmare-Eclipse published a proof-of-concept exploit.
The researcher explains that by placing a specially crafted file on an SMB (Server Message Block) network share, any Windows computer that accesses the share can be tricked into repeatedly caching the file through Microsoft Defender.
As the cached data continues to grow, the target system’s available disk space is gradually exhausted, potentially rendering the machine unstable or unusable.
Unlike the original RoguePlanet exploit, this issue appears to result in a denial-of-service attack rather than privilege escalation.
Affected Systems
According to testing performed by the researcher, the vulnerability has been successfully reproduced on:
- Windows 11 version 25H2
- Windows Server 2025
It remains unclear whether additional Windows versions are also affected.
Microsoft Yet to Respond
At the time of writing, Microsoft has not publicly acknowledged the newly reported issue or confirmed whether it is investigating the claim.
If verified, the discovery would represent an unusual situation where a security update intended to eliminate one critical vulnerability inadvertently introduces another.
No Patch Available Yet
For now, there is no official workaround or security update addressing the newly reported flaw.
As with the original RoguePlanet disclosure, users are advised to keep Microsoft Defender and Windows fully updated while monitoring Microsoft’s security advisories for any future fixes or guidance regarding this latest reported vulnerability.

