PT-2026-49756 · Microsoft · Malware Protection Engine

Published 2026-06-09 · Updated 2026-06-18 · CVE-2026-50656

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Defender (affected versions not specified)
Windows 10 (affected versions not specified)
Windows 11 (affected versions not specified)

Description

An elevation of privilege flaw exists in the Microsoft Malware Protection Engine within Microsoft Defender, publicly referred to as RoguePlanet. The issue stems from a race condition, specifically a Time-of-Check to Time-of-Use (TOCTOU) flaw, within the malware-remediation flow. This allows a local attacker to bypass real-time protection and spawn command prompts with SYSTEM-level privileges. The flaw is effective regardless of whether real-time protection is enabled or in passive mode. Detection can be achieved by alerting on any SYSTEM-integrity shell where the parent process is MsMpEng.exe.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability. Review endpoint activity for suspicious privilege escalation behavior. Keep Defender components and security intelligence updated. Monitor Microsoft security update guidance for the release of the official patch.
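
The detection named in the description (a SYSTEM-integrity shell whose parent process is MsMpEng.exe), written out as an added example that is not part of the original advisory or any vendor code. It assumes process-creation events that use Sysmon Event ID 1 field names (Image, ParentImage, IntegrityLevel); the sample events, the Defender path with its `<version>` placeholder, and the PowerShell entries in the shell list are constructed for illustration.

```python
import ntpath

# cmd.exe is the advisory's "command prompt"; the PowerShell names are an
# assumption added for this example.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
PARENT = "msmpeng.exe"


def _basename(path):
    """Lower-cased file name of a Windows path; tolerates a missing field."""
    return ntpath.basename((path or "").strip().strip('"')).lower()


def is_suspicious(event):
    """True for a SYSTEM-integrity shell whose parent is MsMpEng.exe."""
    return (
        (event.get("IntegrityLevel") or "").lower() == "system"
        and _basename(event.get("ParentImage")) == PARENT
        and _basename(event.get("Image")) in SHELLS
    )


def find_alerts(events):
    """Return the process-creation events that match the rule."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample events (not real telemetry). <version> is a placeholder.
DEFENDER = r"C:\ProgramData\Microsoft\Windows Defender\Platform\<version>\MsMpEng.exe"
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": DEFENDER, "IntegrityLevel": "System"},
    {"ProcessId": 4388, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "IntegrityLevel": "Medium"},
    {"ProcessId": 4650, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\services.exe", "IntegrityLevel": "System"},
    {"ProcessId": 4771, "Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "ParentImage": DEFENDER, "IntegrityLevel": "System"},
    {"ProcessId": 5008, "Image": r"C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE",
     "ParentImage": DEFENDER.lower(), "IntegrityLevel": "SYSTEM"},
]

if __name__ == "__main__":
    for hit in find_alerts(SAMPLE_EVENTS):
        print("ALERT pid=%d image=%s" % (hit["ProcessId"], hit["Image"]))
```

The rule matches on file name only and ignores case, so it fires whatever Defender platform directory the engine runs from; SYSTEM shells with any other parent are outside its scope.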

Exploit

LPE

Link Following

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2026-08019
CVE-2026-50656

Affected Products

Malware Protection Engine