Windows 0-day drops the same day Microsoft releases record number of patches
Key Points:
- A new Windows zero-day exploit called HiveLegacy, published by the pseudonymous researcher NightmareEclypse, allows low-privilege users to modify administrator account registry settings, potentially enabling privilege escalation.
- HiveLegacy targets the Windows User Profile Service by manipulating the classes registry hive, which controls file associations, thereby enabling code execution with admin privileges when the admin logs in.
- The exploit requires knowledge of credentials for one user account and the username of a third account on the machine, but does not require initial admin rights, making it a powerful attack vector.
- Microsoft is investigating the vulnerability but has urged researchers to follow coordinated disclosure policies; meanwhile, security experts recommend running detection scripts and monitoring specific registry and service activities to mitigate risk.
- Analysts warn that HiveLegacy could be chained with other exploits for more direct administrative access, highlighting the severity and potential impact of this privilege escalation flaw.