Microsoft recently released a patch for the RoguePlanet vulnerability in Microsoft Defender, aimed at addressing a severe flaw that allowed hackers to take full control of affected systems. However, cybersecurity researcher Nightmare-Eclipse has uncovered a new vulnerability introduced by this very patch, which could allow attackers to completely fill a PC’s disk space.
Nightmare-Eclipse, known for discovering the original RoguePlanet flaw, reported that this new issue arises in Windows 11 25H2 and Windows Server 2025. The vulnerability occurs when Defender excessively caches large files while interacting with an SMB server. This behavior can lead to a significant depletion of disk space.
The problem stems from a slight exception in Defender’s file handling rules. Typically, Defender imposes restrictions on the size of files it scans, but in this case, it fails to do so under certain conditions, leading to potential misuse. Nightmare-Eclipse created a proof-of-concept exploit able to demonstrate how an attacker could place a malicious file on an SMB server that would, upon access, fill up a user’s available storage space.
Microsoft has yet to respond to this newly discovered issue stemming from its patch.
For further details, follow the coverage on the RoguePlanet patch and the new disk space vulnerability here.
