Microsoft shipped a patch for a serious Windows Defender flaw — and the cure may carry its own problems.
The vulnerability, CVE-2026-50656 (dubbed RoguePlanet), lets remote attackers gain administrative control of Windows 10 and Windows 11 machines even with real-time protection turned off. It was disclosed publicly in June by a pseudonymous researcher called NightmareEclipse, who also released exploit code. Microsoft addressed it Wednesday through an automatic update to the Microsoft Malware Protection Engine — no user action required. The same update bundles what Microsoft describes as "defense-in-depth updates to help improve security-related features," which is the kind of phrase that tends to precede a separate advisory a few weeks later.
The catch: NightmareEclipse says the patch itself may cause Windows machines to write files large enough to fill the hard disk entirely. A fix that bricks storage is not a solved problem — it is a tradeoff, and users currently have no manual override since the update deploys automatically. That framing matters because a full disk can take down services, corrupt data, and deny access just as effectively as the original exploit.
NightmareEclipse has published several zero-days against Microsoft products over recent months, putting the company in a reactive posture. A researcher who has already forced multiple emergency patches is not someone whose post-patch warnings should be dismissed as noise.