加载中... --°C -- · --% · --
|
加载中... --°C -- · --% · --

Patch for Windows Defender 0-day could allow attackers to fill hard disk

Patch for Windows Defender 0-day could allow attackers to fill hard disk
摘要

微软于周三发布补丁,修复其Defender安全引擎中的一个零日漏洞。但发现该漏洞的研究人员指出,此补丁可能导致Windows设备写入大量文件,直至完全耗尽可用磁盘空间。该漏洞编号为CVE-2026-50656,于今年6月被化名为NightmareEclipse的研究人员公开,并附带了利用代码。攻击者可借此远程获取Windows 10和Windows 11系统

A patch Microsoft released on Wednesday to fix a zero-day vulnerability in its Defender security engine may cause Windows machines to write files large enough to completely consume available disk space, the researcher who discovered the flaw said.

RoguePlanet, tracked as CVE-2026-50656, came to public notice in June when NightmareEclipse, the pseudonymous name used by a researcher, disclosed it along with code for exploiting it. The vulnerability allows remote attackers to gain administrative control of Windows 10 and Windows 11 machines, even when real-time protection has been disabled. Over the past few months, the anonymous researcher has published a handful of other zero-days that have sent Microsoft scrambling to develop patches.

Writing files of unlimited size

Microsoft said Wednesday that it patched RoguePlanet with an update to the Microsoft Malware Protection Engine, which is used by the Defender antivirus app. The fix will automatically be downloaded and installed without users having to take any action. Wednesday’s update also includes “defense-in-depth updates to help improve security-related features.”

Read full article

Comments

转载信息
原文: Patch for Windows Defender 0-day could allow attackers to fill hard disk (2026-07-09T20:52:55)
作者: Dan Goodin 分类: 科技
评论 (0)
登录 后发表评论

暂无评论,来留下第一条评论吧