Microsoft’s fix for RoguePlanet has its own new disk space bug

Summary created by Smart Answers AI
In summary:
- Microsoft’s recent patch for the RoguePlanet vulnerability in Defender inadvertently introduced a new serious flaw that can exhaust disk space on Windows systems.
- PCWorld reports that cybersecurity researcher Nightmare-Eclipse discovered this bug affects Windows 11 25H2 and Windows Server 2025, with a proof-of-concept exploit demonstrating the issue.
- The vulnerability causes Defender to cache excessively large files when visiting an SMB server, potentially filling up available storage space completely.
The other day, we reported that Microsoft had patched RoguePlanet, a zero-day vulnerability in the Defender security app. RoguePlanet was a serious flaw that allowed hackers to gain full access to vulnerable PCs, so the patch to Microsoft’s Malware Protection Engine was much needed.
However, according to Nightmare-Eclipse, the anonymous cybersecurity researcher who first discovered RoguePlanet, there’s actually another serious flaw in the very update that addressed RoguePlanet.
Normally, Defender is careful when handling file sizes, with hard limits on how large a file can be when scanning and quarantining. However, Nightmare-Eclipse found a small exception that causes Defender to cache a file locally regardless of its file size. You can see where this is going—when abused, Defender will run out your disk space.
Per his MO, Nightmare-Eclipse has created a proof-of-concept exploit that shows how bad it can be. By placing a malicious file on an SMB server, he’s able to make it so that any PC that visits the SMB server will exhaust its disk space via Defender.
So far, he’s been able to reproduce the bug in both Windows 11 25H2 and Windows Server 2025. Microsoft hasn’t yet commented on the new issue caused by its patch, reports Neowin.
This article originally appeared on our sister publication PC för Alla and was translated and localized from Swedish.





