msnightmare/rogueplanet — explained in plain English
Analysis updated 2026-05-18
Study how a real world Windows privilege escalation vulnerability was discovered and exploited.
Test whether your own Windows 10 or Windows 11 systems are affected by this specific Defender bug.
Learn what a race condition vulnerability looks like in practice.
| msnightmare/rogueplanet | endee-io/endee | microsoft/intelligent-terminal | |
|---|---|---|---|
| Stars | 1,256 | 1,320 | 1,349 |
| Language | C++ | C++ | C++ |
| Last pushed | — | — | 2026-07-03 |
| Maintenance | — | — | Active |
| Setup difficulty | — | moderate | easy |
| Complexity | — | 4/5 | 3/5 |
| Audience | researcher | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
RoguePlanet is a proof of concept exploit targeting a vulnerability in Windows Defender. It was published by a security researcher to document a race condition bug, which is a type of flaw where the outcome depends on timing between different parts of a program running at the same time. Because of that timing dependence, the exploit does not work every single time. The author reports getting a 100 percent success rate on some machines while it struggled on others. The proof of concept has been tested on Windows 11, both the official release channel and the Canary preview channel, as well as on Windows 10 with the June 2026 security patch installed. It does not currently work on Windows Server editions, because the technique relies on mounting an ISO disk image, and standard user accounts on Windows Server are not allowed to do that. The author states they believe Windows Server installations share the same underlying vulnerability, but the proof of concept would need to be redesigned to actually demonstrate it there. When the exploit succeeds, it spawns a SYSTEM level command shell. On Windows, SYSTEM is the highest level of privilege a process can normally run with, higher than a typical administrator account. Getting a SYSTEM shell from a lower privileged starting point is what security researchers call a privilege escalation, and it is the core purpose of this project. The README notes that the race condition behavior is interesting enough that a more careful redesign might make the exploit succeed consistently, but the author says they are finished working on this particular bug for now. This is written in C++ and is aimed at security researchers, penetration testers, and anyone studying Windows vulnerability research rather than general software developers. There is no installation guide, no usage instructions, and no license information in the README, so anyone using this code should treat it as raw research material rather than a maintained tool.
A proof of concept exploit for a Windows Defender race condition bug that can spawn a SYSTEM level shell.
Mainly C++. The stack also includes C++, Windows.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.