New Windows LegacyHive zero-day gives hackers admin privileges

New Windows LegacyHive zero-day gives hackers admin privileges
A security researcher known as Nightmare Eclipse released LegacyHive, a Windows zero-day proof-of-concept that can escalate privileges on fully updated systems by abusing the Windows User Profile Service. The exploit was intentionally stripped down to require extra credentials, while Microsoft says it is investigating the claim and cybersecurity experts have confirmed the PoC works. #NightmareEclipse #LegacyHive #WindowsUserProfileService #MicrosoftDefenderForEndpoint

Keypoints

  • LegacyHive is a Windows zero-day exploit released as a proof-of-concept.
  • The flaw targets the Windows User Profile Service on up-to-date systems.
  • The PoC now requires additional credentials to make weaponization harder.
  • Successful exploitation can let non-admin users alter the classes registry hive.
  • Kevin Beaumont confirmed the exploit and shared detection queries for Microsoft Defender for Endpoint.

Read More: https://www.bleepingcomputer.com/news/security/new-windows-legacyhive-zero-day-exploit-grants-hackers-admin-access/