Microsoft has fixed the “RoguePlanet” zero-day in Microsoft Defender


Microsoft has quietly fixed the “RoguePlanet” zero-day in Microsoft Defender, closing the latest hole exposed by security researcher Nightmare Eclipse after months of public sparring over the company’s handling of vulnerability reports.

The vulnerability, tracked as CVE-2026-50656, was addressed through an update to the Microsoft Malware Protection Engine rather than via its monthly Patch Tuesday bundle. Microsoft said customers should ensure they’re running the latest engine version to receive the fix.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities

    December 13, 2019

    Since the discovery of the Mirai variant using the binary name ECHOBOT in May 2019, it has resurfaced from time to time, using new infrastructure, and more remarkably, adding to the list of vulnerabilities it scans for, as a means to increase its attack surface with each evolution. Unlike other Mirai variants, this particular variant stands out for the sheer ...

  • Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

    December 11, 2019

    In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine as ...

  • New Plundervolt attack impacts Intel CPUs

    December 10, 2019

    Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows ...

  • OpenBSD Hit with Authentication, LPE Bugs

    December 5, 2019

    An authentication bypass and three local privilege-escalation (LPE) bugs have been uncovered in OpenBSD, the Unix-like open-source operating system known for its security protections. The most severe of the vulnerabilities is the bypass (CVE-2019-19521), which is remotely exploitable. OpenBSD uses BSD authentication, which enables the use of passwords, S/Key challenge-and-response authentication and Yubico YubiKey tokens. In each ...

  • New vulnerability lets attackers sniff or hijack VPN connections

    December 5, 2019

    Academics have disclosed this week a security flaw impacting Linux, Android, macOS, and other Unix-based operating systems that allows an attacker to sniff, hijack, and tamper with VPN-tunneled connections. The vulnerability — tracked as CVE-2019-14899 — resides in the networking stacks of multiple Unix-based operating systems, and more specifically, in how the operating systems reply to ...

  • FBI warns about snoopy smart TVs spying on you

    December 3, 2019

    She laughed. I laughed. The TV laughed. I shot the TV. “Blasted Decepticons!” That’s how a popular meme went after the Transformer movies hit it big. Today, it’s not so funny. A recent FBI report warned smart TV users that hackers can also take control of your unsecured TV. “At the low end of the risk spectrum, they can ...