Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

New Windows Zero-Day Exploit: LegacyHive Brings Privilege Escalation Vulnerability to Fully Patched Systems


A new Windows zero-day exploit called LegacyHive has been discovered by Chaotic Eclipse, allowing attackers to elevate privileges on fully patched systems. This vulnerability targets the Windows User Profile Service (ProfSvc) and has significant implications for system security.

  • The LegacyHive exploit is a Windows zero-day vulnerability that affects fully patched systems.
  • The exploit targets the Windows User Profile Service (ProfSvc) to load another user's registry hive.
  • The vulnerability has significant implications, allowing access to protected registry data and potentially elevating privileges.
  • Chaotic Eclipse published the exploit on July 15, 2026, hours after Microsoft's Patch Tuesday.
  • Chaotic Eclipse has been critical of Microsoft's handling of vulnerabilities, accusing them of mishandling reports and revoking access to their account.
  • Micrsoft's Security Response Center called the exploit "irresponsible" and criticized Chaotic Eclipse for skipping coordinated vulnerability disclosure.
  • Security experts are urging users to apply all available patches and updates to protect against LegacyHive.



  • Chaotic Eclipse, a renowned security researcher also known as Nightmare Eclipse, has unveiled a new Windows zero-day exploit called LegacyHive. This vulnerability affects fully patched Windows desktop and server systems, providing a potential pathway for attackers to elevate privileges and access sensitive data.

    The exploit targets the Windows User Profile Service (ProfSvc), allowing an attacker with code execution as a standard user to load another user's registry hive, potentially that of a local administrator, under their own profile. This vulnerability has significant implications, as it can be used to access registry data that should remain protected and may help elevate privileges under the right conditions.

    The LegacyHive exploit was published by Chaotic Eclipse on July 15, 2026, just hours after Microsoft's July 2026 Patch Tuesday. The researcher had previously released several Windows zero-days, including GreatXML, RoguePlanet, BlueHammer, UnDefend, and RedSun, which were believed to stem from a dispute with Microsoft over the vulnerability reporting process.

    Chaotic Eclipse has been critical of Microsoft's handling of these vulnerabilities, arguing that previous reports were mishandled and that researchers were not properly credited. The researcher has also accused Microsoft's Security Response Center (MSRC) of revoking access to their account, rejecting reports, and failing to provide compensation.

    In a statement, Microsoft's Security Response Center called the zero-day dumps "irresponsible" and stated that they work with hundreds of researchers through coordinated vulnerability disclosure, compensating them through bug bounty programs and crediting them publicly. The implication is clear: when someone skips this step, real people get attacked with real tools built from the published research.

    The release of LegacyHive has sparked concerns among security experts and organizations, who are urging users to be cautious and apply all available patches and updates to protect against this new vulnerability.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Windows-Zero-Day-Exploit-LegacyHive-Brings-Privilege-Escalation-Vulnerability-to-Fully-Patched-Systems-ehn.shtml

  • https://securityaffairs.com/195418/hacking/chaotic-eclipse-unveils-legacyhive-exploit-affecting-fully-patched-windows-systems.html


  • Published: Wed Jul 15 12:36:07 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us