🟠 High | Source: The Hacker News
A security researcher has publicly released a proof-of-concept exploit called LegacyHive targeting a previously undisclosed vulnerability in the Windows User Profile Service (ProfSvc), allowing local privilege escalation. The PoC was dropped shortly after Microsoft’s July 2026 Patch Tuesday cycle, meaning it may not yet be patched. This is particularly concerning as elevation of privilege vulnerabilities are commonly used as a second stage in broader attack chains.
Security Architect’s Take: Prioritise patching Windows endpoints and cloud-hosted Windows VMs (Azure, AWS EC2, GCP Compute) immediately — treat this as a zero-day until Microsoft confirms patch coverage. Review Defender for Endpoint and EDR telemetry for suspicious ProfSvc activity, and consider restricting local logon access to sensitive Windows hosts as a temporary mitigation.
Original advisory: Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday