LegacyHive exposes fresh Windows privilege-escalation path

LegacyHive exposes fresh Windows privilege-escalation path


LegacyHive exposes fresh Windows privilege-escalation path

Researcher Nightmare Eclipse released a proof-of-concept for LegacyHive, a zero-day affecting the Windows User Profile Service on fully patched systems. The flaw has no CVE yet. The published PoC was intentionally constrained and requires additional standard-user credentials, but testing by Will Dormann and Kevin Beaumont indicates the exploit works.

Operationally, successful abuse lets a non-admin modify the classes registry hive and achieve code execution when an administrator logs in. Microsoft says it is investigating, while defenders already have hunting queries for Microsoft Defender for Endpoint.

️ Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"

Report Page