FOLLOWING a record number of security patches released by Microsoft, a researcher published an exploit called HiveLegacy that allows low-privileged Windows accounts to modify administrator accounts. The exploit targets vulnerabilities in the Windows User Profile Service, enabling non-admin users to alter the registry of admin accounts. This capability potentially grants attackers de facto administrator privileges without needing admin credentials.
Microsoft has not yet responded to inquiries about addressing this zero-day vulnerability. Meanwhile, users are encouraged to run detection scripts and monitor specific activities to protect their systems.