🟠 High  |  Source: The Register — Security


Microsoft has released a patch for a zero-day vulnerability in Microsoft Defender, dubbed RoguePlanet by the threat group Nightmare Eclipse, weeks after working exploit code was publicly available. The delay between exploit publication and patch release meant organisations running Defender were exposed for an extended period. This is notable because Defender is a core security control in many Windows and Azure environments, meaning a compromise could undermine broader endpoint and cloud defences.

Security Architect’s Take: Verify that Microsoft Defender definitions and platform updates have been applied across all endpoints and Azure-connected workloads immediately. Given the extended window of public exploit availability, consider reviewing endpoint detection logs and Microsoft Defender for Cloud alerts for signs of exploitation activity during the unpatched period.

Original advisory: Microsoft closes book on Nightmare Eclipse’s RoguePlanet zero-day