E-Ink News Daily

Back to list

Patch for Windows Defender 0-day could allow attackers to fill hard disk

A security patch released by Microsoft to fix the Windows Defender zero-day vulnerability CVE-2026-50656 contains a new bug that can cause hard drives to fill up with massive amounts of data. Researcher NightmareEclipse identified that defense-in-depth updates in mpengine.dll lead to memory leaks, allowing attackers to exhaust disk space. This secondary issue complicates the remediation of the original high-severity administrative takeover flaw.

Background

Microsoft recently addressed a critical zero-day vulnerability (CVE-2026-50656) that allowed remote attackers to gain administrative control over Windows 10 and 11 systems. The subsequent patch aimed to mitigate this threat but inadvertently introduced a resource exhaustion flaw.

Source
Ars Technica
Published
Jul 10, 2026 at 04:52 AM
Score
8.0 / 10