Researcher Nightmare Eclipse Unveils New Windows Zero-Day After Record Patch Tuesday

The disgruntled bug hunter known as Nightmare Eclipse published a new Windows zero-day on Wednesday, hours after Microsoft issued its largest-ever set of security fixes for June Patch Tuesday. The vulnerability, dubbed RoguePlanet, targets Microsoft Defender and includes a proof-of-concept exploit that works against fully patched Windows 10 and Windows 11 systems.

RoguePlanet is the seventh zero-day Nightmare Eclipse has disclosed without a patch from Microsoft. The researcher claims to be a former Microsoft employee and accuses the company of ignoring vulnerability reports, deleting their reporting account, and publicly humiliating them.

RoguePlanet Exploit Details and Validation

The flaw requires an attacker to win a race condition to achieve local privilege escalation, granting SYSTEM level control. Shortly after the disclosure, ThreatLocker's threat intelligence team validated the exploit code, stating they are actively assessing impact and affected systems. Will Dormann, senior vulnerability analyst at Tharros Labs, tested the exploit and reported it worked on the first attempt, though he noted it is not 100% reliable.

Key facts about the vulnerability and related disclosures:

• RoguePlanet is the seventh zero-day Nightmare Eclipse has released before a Microsoft fix.
• Three of the previous six zero-days (RedSun, UnDefend, BlueHammer) were exploited in the wild before patches arrived.
• The other three (YellowKey, GreenPlasma, MiniPlasma) were patched as of June's Patch Tuesday.
• Microsoft's initial response to earlier disclosures was seen as legal threats, drawing community backlash until Redmond clarified it would not sue researchers.
• Nightmare Eclipse had promised a "bone shattering" disclosure on July 14 but postponed it, citing exhaustion from RoguePlanet's complexity.

Update Installation Woes Add to Microsoft's Headaches

Separately, Microsoft warned customers on Tuesday that some Windows devices upgraded to Windows 11 24H2 or 25H2 may fail to install the latest monthly updates. The company is investigating and advises users to manually download and install the updates if automatic attempts fail.

A Microsoft spokesperson said the company is aware of the RoguePlanet claim and is investigating its validity. They emphasized support for coordinated vulnerability disclosure. It remains unclear when a fix for RoguePlanet will arrive, though the previous seven zero-days all took between one and three Patch Tuesdays to resolve. With the researcher indicating a possible break, the immediate future of the campaign is uncertain, but the underlying tension between Nightmare Eclipse and Microsoft shows no sign of easing.