CVE Tools
Back to feed
Ars Technica (Security) ·EN Restricted PoC publicWindows Defender

Patch for Windows Defender 0-day could allow attackers to fill hard disk

By Dan Goodin··2 min read
CVE Tools coverage

Microsoft has issued a patch for a critical zero-day vulnerability in its Windows Defender security engine, identified as CVE-2026-50656. The flaw was publicly disclosed in June by an anonymous researcher using the alias NightmareEclipse, who also shared proof-of-concept code for exploitation. This vulnerability enables remote attackers to gain administrative access on Windows 10 and 11 systems, even if real-time protection is turned off. According to the researcher, the latest update introduces changes that could allow malicious actors to fill up hard drives by generating large volumes of data. Microsoft claims the fix will be automatically applied through an update to the Malware Protection Engine.