LegacyHive Exploit Targets Windows User Profile Service Zero-Day Vulnerability

LegacyHive Exploit Targets Windows User Profile Service Zero-Day Vulnerability

First seen 15 Jul 2026, 15:27 UTC CybersecuritynewsFeeds.4SysopsSecurityaffairs.CoRescanawww.threatlocker.com 82% similarity 71.0

Article Content

Browse articles
ThreatCluster

On July 15, 2026, security researcher Nightmare Eclipse released a proof-of-concept exploit named LegacyHive, targeting a zero-day vulnerability in the Windows User Profile Service (ProfSvc). This flaw allows arbitrary registry hive loading, enabling privilege escalation and unauthorized access to user data. The exploit affects all supported versions of Windows 10, Windows 11, and Windows Server (2016, 2019, and 2022), even on fully patched systems post-July 2026 Patch Tuesday. The PoC demonstrates a dangerous primitive that could be weaponized for more severe attacks. The exploit requires credentials for a secondary user and manipulates registry paths to achieve its goals. Although the PoC is limited, it poses a significant risk due to its sophistication and the timing of its release. The vulnerability was not addressed in the recent patch cycle, leaving systems exposed.

Key Points: • LegacyHive exploit affects all supported Windows versions, including fully patched systems. • The vulnerability allows privilege escalation via arbitrary registry hive loading. • Nightmare Eclipse is known for high-impact disclosures and released the PoC after Patch Tuesday.

ThreatCluster AI

Timeline

2026-07-15
LegacyHive exploit released
Nightmare Eclipse published a PoC exploit targeting the Windows User Profile Service, affecting all supported Windows versions.
Rescana
2026-07-15
Microsoft's July Patch Tuesday
Microsoft addressed over 600 CVEs, but the LegacyHive vulnerability was not patched, leaving systems vulnerable.
ThreatLocker
Recent
Exploit functionality confirmed
The LegacyHive PoC has been independently verified to function on fully patched systems, demonstrating its effectiveness.
Securityaffairs.Co

Community

Browse all →