CISOOnline

Microsoft feud escalates as researcher drops new Windows zero-day

The researcher said the exploit relies on a race condition affecting Microsoft Defender, which gives attackers less than a 100% chance of success, but it can potentially grant SYSTEM-level privileges even on freshly updated Windows.

As before, the exploit arrives just after Microsoft released its June 2026 Patch Tuesday updates, which fixed over 200 security flaws, including 32 critical ones. “The timing is a giveaway, MiniPlasma was released on May 13, 2026—exactly one day after Microsoft’s May Patch Tuesday cycle, ensuring defenders have no official vendor patch for weeks,” Agnidipta Sarkar, chief evangelist at ColorTokens, had said about Eclipse’s previous “MiniPlasma” disclosure.

The exploit was dropped in a new GitHub repository, “MSNightmare,” surely a pointed reference to Microsoft, after GitHub (owned by Microsoft) recently removed Eclipse’s original repositories. Several earlier Eclipse disclosures were reportedly incorporated into real-world attacks shortly after exploit code became available, prompting warnings from Microsoft and multiple security vendors.

The bug allows code execution through SYSTEM access

In a June 9 blog post titled “RoguePlanet, a quick history,” Eclipse wrote of an initial iteration of the Windows Defender bug. While technical details remain scarce, the blog did mention that it has to do with getting a victim to open a “.vhd(x) on a remote SMB server.”


