Patch for Windows Defender 0-day could allow attackers to fill hard disk
Summary
Ars Technica reports on a Windows Defender zero-day (CVE-2026-50656) patched by Microsoft. The flaw could allow attackers to exhaust disk space by writing large amounts of data via the Defender engine, potentially enabling admin access under certain conditions. The piece also covers patch details, the role of SpyNet and Zone.Identifier, and the ongoing researcher-Microsoft dispute.