Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday
Summary
A security researcher has released a proof-of-concept exploit for a new Windows zero-day vulnerability called LegacyHive. This vulnerability allows for arbitrary hive load elevation of privileges within the Windows User Profile Service, a critical system component.
IFF Assessment
The release of a zero-day exploit with a functional proof-of-concept poses a significant threat to defenders, as it enables attackers to gain elevated privileges.
Severity
The vulnerability is in the Windows User Profile Service and allows for elevation of privileges. Assuming a common attack vector like local access and a high impact on confidentiality, integrity, and availability, a CVSS score in the 'high' severity range is appropriate.
Defender Context
Defenders should be on high alert for exploitation attempts of this zero-day vulnerability, especially given the availability of a PoC. Prompt patching or implementing mitigations for the Windows User Profile Service should be a priority, and monitoring for suspicious activity related to user profile manipulation is advised.