Windows Zero-Day Exploit Released Day After Microsoft Patches
A zero-day exploit targeting Windows, capable of allowing low-privilege accounts to alter administrator accounts, has been published the same day Microsoft released a record number of security patches.

A previously undisclosed Windows vulnerability, dubbed HiveLegacy, has been publicly disclosed by a researcher just as Microsoft issued a significant batch of security fixes. The exploit allows users with limited system privileges to modify administrator accounts.
Researchers have confirmed the exploit functions as described. The vulnerability resides within the Windows User Profile Service and allows for privilege escalation by altering critical registry hives. This could potentially enable malicious actors to gain elevated access to systems.
This marks the ninth zero-day exploit published by the anonymous researcher, known as NightmareEclypse, who has previously voiced dissatisfaction with Microsoft's bug reporting process. The researcher stated that the published proof-of-concept code has been simplified to hinder malicious use, though its effectiveness highlights ongoing security challenges.
Microsoft faces renewed pressure to address the vulnerability, which was disclosed shortly after the release of its largest-ever set of security patches. The company has not yet publicly commented on the HiveLegacy exploit or indicated a timeline for a potential fix beyond its regular security update cycle.