www.securityweek.com 7/16/2026, 7:07:04 AM · external

LegacyHive zero day exploit targets Windows profile hives

LegacyHive zero day exploit targets Windows profile hives
CyberSIXT Evidence Panel
Primary Source github.com

NIGHTMARE Eclipse, a security researcher, has released a new zero-day exploit called LegacyHive that targets a local privilege escalation vulnerability in Windows User Profile Service. This exploit allows attackers to gain access to other users' hives, including administrators'. The proof-of-concept (PoC) exploit requires standard user credentials and a third username, usually an administrator account, to function.

LegacyHive is a continuation of previous exploits released by Nightmare Eclipse, including BlueHammer and GreenPlasma. Microsoft has not yet acknowledged this new vulnerability, and SecurityWeek has reached out for a comment.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline