Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control


A publicly available exploit called RoguePlanet can give attackers the highest level of access on Windows systems. Microsoft has confirmed the vulnerability and says it’s working on a security update.

RoguePlanet is tracked under CVE-2026-50656, where it’s described as a Microsoft Defender Elevation of Privilege (EoP) vulnerability.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Intel Chip Vulnerability Worse than Thought, Lets Hackers Hijack Fleets of PCs

    May 8, 2017

    That vulnerability that Intel discovered and disclosed last week after going undetected for almost a decade is much worse than originally thought as it allows hackers to remotely gain full control over affected PCs running Windows, without even needing a password.  As announced by Intel, the bug affects Intel’s Active Management Technology (AMT) which allows IT ...

  • PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely

    May 1, 2017

    Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability. Meanwhile, I have talked with Maksim Malyutin, a member of Embedi research team who discovered the vulnerability in March, and updated ...

  • Systems-on-a-chip are a huge, unaudited attack surface, says Project Zero’s Wi‑Fi attack man

    April 12, 2017

    The internal inter-chip communications of devices like smartphones are a “huge, mostly unaudited attack surface,” according to Gal Beniamini of Google’s Project Zero, in his promised follow-up to last week’s demonstration of how to attack Wi‑Fi chips over the air. His April 4 “part one” prompted emergency patches from Apple and Google, new drivers from Broadcom ...

  • Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop

    April 11, 2017

    Adobe patched 59 vulnerabilities in five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App as part of its regularly scheduled software update today. The company warned in a series of security bulletins posted shortly before noon Tuesday that the bulk of the bugs, 44, are critical and could lead to code ...

  • Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day

    April 10, 2017

    This weekend saw multiple reports of a new zero-day vulnerability that affected all versions of Microsoft Word. Today, Proofpoint researchers observed the document exploit being used in a large email campaign distributing the Dridex banking Trojan. This campaign was sent to millions of recipients across numerous organizations primarily in Australia. This represents a significant level of ...

  • Apple Fixes 223 Vulnerabilities Across macOS, iOS, Safari

    March 28, 2017

    Apple fixed hundreds of bugs, 223 to be exact, across a slate of products including macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday. More than a quarter of the bugs, 40 in macOS Sierra, and 30 in iOS, could lead to arbitrary code execution – in some instances with root privileges, Apple warned. The lion’s share of ...