A recent patch for a Windows Defender zero-day vulnerability may have unintended consequences. The patch, released by Microsoft on Wednesday, is intended to fix the RoguePlanet vulnerability, which allows remote attackers to gain administrative control of Windows 10 and Windows 11 machines.
The vulnerability, tracked as CVE-2026-50656, was disclosed in June by researcher NightmareEclipse, who also published code for exploiting it. Microsoft's patch may cause Windows machines to write files large enough to completely consume available disk space, according to the researcher.
The update will be automatically downloaded and installed without user action, and also includes defense-in-depth updates to improve security-related features. The feud between NightmareEclipse and Microsoft continues, with the researcher having published several zero-days in recent months, prompting Microsoft to scramble for patches.



