HeadlinesBriefing favicon HeadlinesBriefing.com

Windows Defender Patch Causes Disk Space Issues

Ars Technica •
×

A recent patch for Windows Defender, intended to fix a zero-day vulnerability, may inadvertently allow attackers to fill up hard drives. The vulnerability, dubbed Rogue Planet (CVE-2026-50656), was discovered by researcher Nightmare Eclipse and allows remote attackers to gain administrative control. Although Microsoft released an update to the Malware Protection Engine on Wednesday, Nightmare Eclipse claims new "defense-in-depth" additions introduce a flaw.

This flaw, located in the mpengine.dll driver, reportedly causes an 8-byte data leak when opening files. Combined with new functionality in Microsoft's Spy Net cloud service, this leak could enable attackers to write massive amounts of data. Normally, Defender limits file sizes during scans to prevent disk exhaustion, but the researcher claims Spy Net functions compel Defender to cache even enormous files locally.

This situation highlights the ongoing tension between Microsoft and independent researchers. While the patch addresses a critical security flaw, its side effects could lead to data loss or system instability for users. The potential for attackers to exploit this to deny service by consuming all disk space presents a new threat vector that Microsoft will need to address promptly.