🟠 High  |  Source: The Hacker News


Microsoft has patched CVE-2026-50656, a privilege escalation vulnerability in the Microsoft Malware Protection Engine (mpengine.dll), which underpins Defender antivirus products. Dubbed RoguePlanet, the flaw carries a CVSS score of 7.8 and could allow an attacker to gain SYSTEM-level privileges on affected machines. The patch arrives nearly a month after the vulnerability was publicly disclosed, meaning unpatched systems have been exposed for a significant window.

Security Architect’s Take: Verify that Microsoft Defender signature and engine updates have been automatically applied across all Windows workloads — including Azure VMs, AVD session hosts, and hybrid Arc-enrolled servers — as Defender typically updates silently but fleet-wide confirmation via Defender for Endpoint or Intune compliance reports is advisable. Prioritise any internet-exposed or identity-critical hosts given the SYSTEM-level impact.

Original advisory: Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges