LegacyHive Exploit Targets Windows User Profile Service for Privilege Escalation

LegacyHive Exploit Targets Windows User Profile Service for Privilege Escalation

First seen 15 Jul 2026, 15:27 UTC CybersecuritynewsFeeds.4Sysops 82% similarity 65.2

Article Content

Browse articles
ThreatCluster

A proof-of-concept exploit named LegacyHive has been released, targeting the Windows User Profile Service (ProfSvc). This vulnerability allows local elevation of privileges, enabling standard users to load another user's registry hive. The exploit remains functional across all currently supported versions of Windows desktop and server, even after the July 2026 Patch Tuesday updates. The vulnerability poses a significant risk as it can be exploited without requiring administrative privileges. Security researchers have confirmed that the exploit can lead to unauthorized access to sensitive user data. Organizations using affected Windows systems are advised to monitor for potential exploitation. No specific CVEs have been assigned yet, but the exploit is considered a serious threat. The situation is evolving, and further updates may be necessary as more information becomes available.

Key Points: • LegacyHive exploit allows privilege escalation on Windows User Profile Service. • The vulnerability affects all supported versions of Windows desktop and server. • No CVEs assigned yet, but the exploit poses a significant risk to user data.

ThreatCluster AI

Timeline

2026-07-15
LegacyHive exploit released
A proof-of-concept exploit targeting Windows User Profile Service was made public, allowing privilege escalation for standard users.
Feeds.4Sysops
2026-07-15
Vulnerability confirmed across Windows versions
The exploit remains functional on all currently supported versions of Windows desktop and server, even post-July updates.
Cybersecuritynews

Community

Browse all →