Security researcher Chaotic Eclipse released a new proof-of-concept exploit called LegacyHive, which leverages a Windows User Profile Service vulnerability to achieve arbitrary hive load elevation of privileges. The exploit works on all supported Windows versions, including those patched in the latest July 2026 update, and allows non-admin users to modify registry hives of other accounts, posing a significant privilege escalation risk. Microsoft is investigating the vulnerability and committed to addressing it, while the incident highlights ongoing challenges in coordinated vulnerability disclosure and security patching.
https://thehackernews.com/2026/07/researcher-drops-new-windows-zero-day.html

