VibeTimes
#기술

MS: On Day of Record Patch Count, Another Windows Zero-Day 'LegacyHive' Discovered

모민철모민철 기자· 7/16/2026, 11:03:43 AM· Updated 7/16/2026, 12:33:44 PM

On the day the largest security patch in history was released, exploit code for a zero-day vulnerability capable of hijacking Windows administrator accounts was disclosed. The disclosure of this vulnerability stems from a conflict between an anonymous security researcher known as 'Chaotic Eclipse' and Microsoft. The researcher, who has raised issues with Microsoft's vulnerability handling process since April 2026, has been releasing exploits prior to patches, and claimed that three Defender-related vulnerabilities disclosed in May were actually abused in attacks.

The anonymous security researcher disclosed exploit code for 'LegacyHive,' which allows for the manipulation of Windows administrator accounts. The newly disclosed 'LegacyHive' leverages a privilege escalation vulnerability in the Windows User Profile Service to enable the modification of the administrator account's registry hive even with low-privilege accounts.

The released proof-of-concept code, despite being a version with some functionality reduced, allows for attacks knowing only the target user's credentials and a third-party username. Furthermore, it has been confirmed to work normally on all supported desktop and server versions, including the latest Windows versions with the July patch applied.

쿠팡 파트너스 활동의 일환으로 일정 수수료를 제공받습니다

Related Articles