By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Windows 0-day Exploit Released Same Day as Microsoft Patches

A researcher identified as NightmareEclypse published exploit code for a Windows zero-day vulnerability on the same day Microsoft released a record number of security patches. This newly disclosed exploit, named HiveLegacy, targets a flaw in the Windows User Profile Service and allows low-privilege Windows accounts to gain elevated administrator privileges. Multiple security researchers have confirmed the exploit's functionality, prompting Microsoft to address the vulnerability.
HiveLegacy is described as a "pretty powerful primitive" that enables users or processes with limited system rights to compromise an administrator account. This is achieved by modifying the "classes registry hive," a critical resource that dictates which applications open when specific file types are accessed in Windows Explorer. The anonymous researcher, who has previously published nine such exploits, stated that the proof-of-concept code was intentionally simplified to mitigate malicious use.
This incident highlights a recurring challenge for Microsoft, as it follows a pattern of zero-day vulnerabilities being disclosed shortly after or concurrently with the company's scheduled security updates. NightmareEclypse has reportedly expressed dissatisfaction with Microsoft's handling of their bug reports, suggesting a potential motive behind the timing of these disclosures. The company is now expected to develop and release a patch to address the HiveLegacy vulnerability.
Original source — read the full reporting at the publisher:
Read on Ars TechnicaGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.