Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
New Windows Vulnerability PoC Released Post Patch Update

New Windows Vulnerability PoC Released Post Patch Update

Posted on July 15, 2026 By CWS

A recent release by security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, has drawn significant attention in the cybersecurity community. The researcher unveiled a proof-of-concept (PoC) exploit named LegacyHive, targeting Windows systems. This vulnerability, identified as an elevation of privileges issue within the Windows User Profile Service, affects all supported Windows versions, including those with the latest July 2026 Patch Tuesday updates.

Details of the LegacyHive Exploit

The LegacyHive vulnerability is linked to the Windows User Profile Service, also known as ProfSvc, which is integral for managing user accounts and environments on Windows systems. According to Chaotic Eclipse, utilizing this PoC requires credentials from a standard user and an optional third username, potentially an administrator account. If executed successfully, the exploit allows the mounting of the target user’s hive in the current user’s root classes.

Although the PoC shared by the researcher has been intentionally limited to prevent public exploitation, the original exploit reportedly did not require additional credentials and was not confined to the “usrclass.dat” hive. Chaotic Eclipse emphasized that any hive could be loaded using this vulnerability, provided the user has the necessary technical expertise.

Ongoing Disputes and Security Implications

The release of LegacyHive is the latest development in an ongoing conflict between Chaotic Eclipse and Microsoft. Since April 2026, the researcher has disclosed multiple exploits before Microsoft had the opportunity to issue patches, citing communication breakdowns with the tech giant. Notably, three vulnerabilities in Microsoft Defender were actively exploited shortly after being publicly disclosed.

In response to these vulnerabilities, Microsoft recently released updates for another security issue in Defender, known as RoguePlanet, which was initially disclosed by Chaotic Eclipse. However, these updates have inadvertently caused Microsoft Defender to leak data under certain conditions, prompting further investigation by Microsoft.

Focus on SharePoint Server Vulnerabilities

Simultaneously, Microsoft addressed a record number of 622 vulnerabilities in its latest patch release, including critical flaws in SharePoint Server and Active Directory Federation Services. Notably, two privilege escalation vulnerabilities in SharePoint Server (CVE-2026-56164) and Active Directory Federation Services (CVE-2026-56155) were identified as actively exploited, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) mandating urgent fixes.

CISA has highlighted the vulnerabilities affecting all supported versions of on-premises SharePoint Server, which allow attackers to gain unauthorized access and execute remote code. The flaws stem from missing authentication mechanisms and involve complex exploitation techniques, including deserialization and remote code execution, which are particularly concerning for Internet-facing servers.

Future Outlook and Recommendations

As Microsoft grapples with the surge in vulnerability disclosures, industry experts emphasize the need for robust and timely patch management. The recent developments underscore the importance of maintaining updated systems and applying security patches promptly to mitigate potential risks. Organizations are advised to remain vigilant, regularly audit their systems for vulnerabilities, and implement comprehensive security measures to protect against emerging threats.

The Hacker News Tags:CISA, cyber threat, Cybersecurity, Exploit, LegacyHive, Microsoft, Patch Tuesday, SharePoint Server, Vulnerability, Windows security

Post navigation

Previous Post: Dell Patches Critical PowerProtect Flaws Allowing Remote Access
Next Post: Cursor Flaw Risks Code Execution Vulnerability

Related Posts

North Korea-Linked npm Packages Pose Threat to Developers North Korea-Linked npm Packages Pose Threat to Developers The Hacker News
Microsoft Fixes Entra ID Flaw Allowing Identity Takeover Microsoft Fixes Entra ID Flaw Allowing Identity Takeover The Hacker News
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts The Hacker News
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages The Hacker News
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds The Hacker News
27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials 27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Vulnerability in Cursor Exposes Windows Systems
  • CISA Demands Urgent SharePoint Security Fixes
  • Close Approval Gaps in AI Ad Tech with Our Webinar
  • Critical Windows RDP Vulnerabilities Addressed by Microsoft
  • Cursor Flaw Risks Code Execution Vulnerability

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Vulnerability in Cursor Exposes Windows Systems
  • CISA Demands Urgent SharePoint Security Fixes
  • Close Approval Gaps in AI Ad Tech with Our Webinar
  • Critical Windows RDP Vulnerabilities Addressed by Microsoft
  • Cursor Flaw Risks Code Execution Vulnerability

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark