2 min read

Microsoft Defender patch adds new disk-filling bug

A fix for the RoguePlanet zero-day appears to introduce a new flaw in Microsoft Defender that can exhaust disk space on Windows 11 25H2 and Windows Server 2025.

Image: PCWorld

A patch Microsoft shipped to fix the RoguePlanet zero-day in Defender appears to have created a fresh problem: a bug that can fill up a system’s disk.

According to PCWorld, the issue was found by Nightmare-Eclipse, the anonymous security researcher who previously disclosed RoguePlanet. That earlier flaw let attackers gain full access to vulnerable PCs, prompting Microsoft to patch its Malware Protection Engine.

Nightmare-Eclipse says the update introduced a new exception in how Defender handles file sizes. Under normal conditions, Defender enforces hard limits on how large a file can be when it scans or quarantines content. But in this case, Defender can cache a file locally regardless of size.

Recommended reading

New macOS malware slips past Gatekeeper

The result is straightforward: an attacker can abuse that behavior to consume all available disk space.

Nightmare-Eclipse has also published a proof-of-concept exploit. By placing a malicious file on an SMB server, he showed that any PC visiting that server could have its disk space exhausted through Defender’s caching behavior.

So far, he says he has reproduced the bug on:

  • Windows 11 25H2
  • Windows Server 2025

Microsoft had not commented on the new issue at the time of publication, according to Neowin.

Sophia Reynolds

Security Editor

Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.

via PCWorld

// Keep reading