A security patch released by Microsoft to fix the Windows Defender zero-day vulnerability CVE-2026-50656 contains a new bug that can cause hard drives to fill up with massive amounts of data. Researcher NightmareEclipse identified that defense-in-depth updates in mpengine.dll lead to memory leaks, allowing attackers to exhaust disk space. This secondary issue complicates the remediation of the original high-severity administrative takeover flaw.
Background
Microsoft recently addressed a critical zero-day vulnerability (CVE-2026-50656) that allowed remote attackers to gain administrative control over Windows 10 and 11 systems. The subsequent patch aimed to mitigate this threat but inadvertently introduced a resource exhaustion flaw.
- Source
- Ars Technica
- Published
- Jul 10, 2026 at 04:52 AM
- Score
- 8.0 / 10