arstechnica.com 7/15/2026, 8:01:28 PM · external

HiveLegacy exploit lets users hijack Windows admin accounts

HiveLegacy exploit lets users hijack Windows admin accounts
CyberSIXT Evidence Panel

FOLLOWING a record number of security patches released by Microsoft, a researcher published an exploit called HiveLegacy that allows low-privileged Windows accounts to modify administrator accounts. The exploit targets vulnerabilities in the Windows User Profile Service, enabling non-admin users to alter the registry of admin accounts. This capability potentially grants attackers de facto administrator privileges without needing admin credentials.

Microsoft has not yet responded to inquiries about addressing this zero-day vulnerability. Meanwhile, users are encouraged to run detection scripts and monitor specific activities to protect their systems.

View Primary Source Via arstechnica.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline