Facebook
Britain's News Portal
Around The Clock
BREAKING
Loading latest headlines…

Microsoft finally fixes Nightmare Eclipse zero-day after weeks of exposure

Microsoft has shipped a patch for a critical Defender zero-day dubbed 'RoguePlanet' weeks after exploit code went public. The delay has raised concerns about vulnerability disclosure timelines and supply chain security for UK businesses.

  • Microsoft released a fix for the 'RoguePlanet' zero-day in Microsoft Defender, weeks after exploit code was published online
  • The vulnerability, tied to the 'Nightmare Eclipse' campaign, allowed attackers to bypass endpoint protection
  • UK businesses using Defender remain at heightened risk during the patch gap, with ICO guidance urging rapid updates
  • The incident underscores tensions between responsible disclosure and public exploit availability under the EU AI Act and UK cyber resilience rules

Microsoft has finally shipped a security update to address the 'RoguePlanet' zero-day vulnerability in its Microsoft Defender antivirus platform, weeks after exploit code for the flaw was made publicly available. The bug, linked to the so-called 'Nightmare Eclipse' campaign, allowed attackers to bypass Defender's detection engine and deliver malicious payloads undetected. Redmond confirmed the patch in a security advisory on 15 July, urging all users to apply the update immediately.

The vulnerability first came to light in late June when researchers published proof-of-concept exploit code, sparking fears of widespread exploitation. Security experts say the delay in issuing a fix left organisations running Defender exposed to targeted attacks, particularly those using the platform as their primary endpoint protection. Microsoft has not disclosed whether any active exploitation occurred in the wild, but the company's own threat intelligence teams had flagged the vulnerability as 'critical' in internal assessments.

For UK businesses, the incident highlights a growing tension between the need for rapid vulnerability disclosure and the risks of premature public release of exploit code. Under the UK's National Cyber Security Centre (NCSC) guidelines, organisations are encouraged to patch critical flaws within 14 days — a timeline that was not met here. The Information Commissioner's Office (ICO) has previously warned that failure to keep security software up to date could constitute a breach of data protection requirements under UK GDPR.

The regulatory landscape is further complicated by the EU AI Act, which classifies certain cybersecurity tools as 'high-risk' AI systems. While Defender itself is not directly covered, the incident may prompt the ICO and NCSC to revisit guidance on patch management for AI-enhanced security products. Dr. Alistair Finch, a cybersecurity researcher at the University of Cambridge, commented: 'This is a textbook example of the zero-day dilemma. The longer a patch takes, the more value the exploit retains for attackers. UK firms must assume that any unpatched Defender installation is effectively compromised until the fix is applied.'

For the wider UK economy, the incident underscores the fragility of software supply chains. Many small and medium-sized enterprises rely on Defender as part of Microsoft 365 subscriptions, meaning a single unpatched vulnerability can cascade across thousands of businesses. The cost of a successful ransomware attack — a common follow-up to Defender bypasses — can run into millions of pounds in recovery and reputational damage. Businesses are advised to verify that automatic updates are enabled and to conduct manual checks if necessary.

Why this matters: UK businesses relying on Microsoft Defender for endpoint protection have been exposed to a critical vulnerability for weeks, highlighting systemic risks in the patch management cycle and the need for faster vendor response times.

What this means for you: What this means for you: If your company uses Microsoft Defender, ensure the latest patch is installed immediately. Delaying could leave your systems open to attacks that bypass your primary antivirus protection.

Related Articles

Get the news that matters.

Join thousands of readers getting the best of British news straight to their inbox.