The patch released by Microsoft to address the RoguePlanet zero-day vulnerability in the Defender security app has itself exposed a new serious flaw. The patch, intended to prevent hackers from gaining full access to vulnerable PCs, has a critical issue that allows malicious files to exhaust a PC's disk space.
Nightly scans and quarantining functions in Defender are normally careful when handling file sizes, with hard limits in place to prevent large files from causing issues. However, a small exception in the patch causes Defender to cache a file locally regardless of its size, creating a vulnerability that can be exploited by hackers.
An anonymous cybersecurity researcher, who has a history of discovering security flaws, has created a proof-of-concept exploit that demonstrates the severity of this issue. By placing a malicious file on an SMB server, the researcher can cause any PC that visits the server to exhaust its disk space via Defender.
The bug has been successfully reproduced in both Windows 11 and Windows Server 2025. Microsoft has yet to comment on the new issue caused by its patch, leaving users vulnerable to this critical flaw.