Patch for Windows Defender 0-day could allow attackers to fill hard disk
Summary
Microsoft released a patch on Wednesday to fix a security flaw in Windows Defender that allowed attackers to take control of Windows 10 and 11 systems. However, this patch may cause a new problem where the system can fill up the hard drive by writing very large files, leading to disk space running out and system instability.Key Facts
- The patched flaw, called RoguePlanet (CVE-2026-50656), lets attackers control Windows machines remotely.
- Microsoft’s update fixes this vulnerability automatically through the Microsoft Malware Protection Engine.
- The new patch includes extra security updates called “defense-in-depth.”
- A security researcher named NightmareEclipse says these updates cause a bug that can make Defender write huge files that fill up the disk.
- This happens because Defender tries to keep copies of special hidden metadata files called Zone.Identifier for files downloaded from the internet.
- Attackers could exploit this through a custom SMB server, which is a way computers share files over a local Windows network.
- The bug causes Defender to lock files and fill the disk space, making the computer unstable but not crash.
- Microsoft has not confirmed whether the disk-filling problem is real yet.
- The researcher and Microsoft have had ongoing disagreements about vulnerability disclosures and patches since May.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.