Thursday, July 16, 2026
HomeTechnologyMicrosoft nemesis returns with another zero-day PoC — but is 'LegacyHive' as...

Microsoft nemesis returns with another zero-day PoC — but is ‘LegacyHive’ as nasty as expected?

  • Researcher “Chaotic Eclipse” releases new Windows 11 zero‑day dubbed LegacyHive, a local privilege escalation bug targeting user registry hives
  • Exploit could let attackers elevate low‑privileged accounts, but requires prior device access; no CVE or full PoC was published
  • Experts caution that skilled actors could weaponize it quickly, urging intelligence teams to prepare mitigations despite lower perceived impact than earlier releases

Chaotic Eclipse, the infamous security researcher with a Microsoft grudge, did as they previously promised and released yet another zero-day vulnerability for fully patched Windows 11 devices.

However, other researchers don’t see it as dangerous as some of their previous releases.

Chaotic Eclipse disclosed a zero-day called LegacyHive, which is a local privilege escalation (LPE) bug targeting Windows’ user hives.

Escalating privileges

A few months ago, a hacker/researcher with the alias Chaotic Eclipse started publishing functioning exploits for fully patched Windows 11 systems, all with PoCs, claiming that Microsoft acted against them in ill faith and argued that the company does not treat researchers with the respect they deserve.

They released a total of seven exploits, some more damning than others, and promised to release a “bone-shattering” one on July 14 2026. In the meantime, Microsoft first criticized the researcher for not “responsibly” disclosing the flaws, and at one point even threatening possible legal action. However, it did not sue the researcher and later backed away from the threat entirely, partly as a result of strong public backlash.

In Windows, user hives are registry files that store configuration settings specific to an individual user account. These include desktop preferences, user-specific application settings, network drive mappings, user-specific security and privacy settings, and more.

With LegacyHive, threat actors could, in theory, gain privileged read-write access targeting other users’ hives. Or, in other words, they could turn low-privileged accounts into high-privileged ones. However, they would first need to have any access to the device, which is one of the reasons why some security researchers don’t see it as disastrous as Chaotic Eclipse’s previous work.

What also makes LegacyHive different from some other releases is that this one was not released with a CVE identifier or a fully functioning Proof of Concept (PoC).

Still, security experts are urging intelligence teams to work fast, because skilled threat actors can fill the gaps with relative ease, and turn LegacyHive into a potent weapon.

Via The Register

Tribune Arab
Tribune Arab
We provide you with the latest breaking news straight from the different industry.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

TOP CATEGORIES

Most Popular

POPULAR TAGS

Recent Comments