CVE Tools
Back to feed
The Hacker News ·EN News source PoC public Chaotic Eclipse Nightmare-EclipseWindows User Profile Service (ProfSvc)SharePoint ServerActive Directory Federation Services

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

By The Hacker News··4 min read
CVE Tools coverage

A security researcher known as Chaotic Eclipse has published a proof-of-concept (PoC) exploit for a new Windows elevation of privilege vulnerability dubbed LegacyHive. The flaw resides in the Windows User Profile Service and enables attackers to load arbitrary hive files, potentially escalating privileges. Notably, the exploit works across all supported desktop and server versions of Windows, even those updated with the July 2026 Patch Tuesday release. This follows ongoing tensions between the researcher and Microsoft over premature disclosures of other vulnerabilities.