Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Summary

A security researcher has released a proof-of-concept exploit for a new Windows zero-day vulnerability called LegacyHive. This vulnerability allows for arbitrary hive load elevation of privileges within the Windows User Profile Service, a critical system component.

IFF Assessment

FOE

The release of a zero-day exploit with a functional proof-of-concept poses a significant threat to defenders, as it enables attackers to gain elevated privileges.

Severity

7.8 High (AI Estimated)

The vulnerability is in the Windows User Profile Service and allows for elevation of privileges. Assuming a common attack vector like local access and a high impact on confidentiality, integrity, and availability, a CVSS score in the 'high' severity range is appropriate.

Defender Context

Defenders should be on high alert for exploitation attempts of this zero-day vulnerability, especially given the availability of a PoC. Prompt patching or implementing mitigations for the Windows User Profile Service should be a priority, and monitoring for suspicious activity related to user profile manipulation is advised.

Read Full Story →