Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
AI-summarised brief · reviewed before publication
Security researcher Chaotic Eclipse released a new Windows zero-day proof-of-concept (PoC) exploit called LegacyHive just hours after Microsoft’s July 2026 Patch Tuesday update. The exploit targets the Windows User Profile Service and allows elevation of privileges by loading arbitrary hives. It works across all supported Windows desktop and server versions, including the latest update. The release follows a months-long public dispute between the researcher and Microsoft over premature vulnerability disclosures. Three previously disclosed flaws were actively exploited soon after public release.
💡 Why It Matters
- · The timing of the PoC’s release—immediately after a major patch—raises concerns about the effectiveness of Microsoft’s disclosure coordination and the potential for real-world exploitation.
- · The fact that LegacyHive functions on fully patched systems underscores the severity of the flaw and the risks posed by delayed or contested vulnerability reporting.