Cybersecurity 11 h ago0Add to bookmarks

The "serial tormentor" of Microsoft, known for its spectacular 0-days, has released LegacyHive. Researchers' verdict: useful in post-compromise scenarios, far from the devastating vulnerability promised.
A researcher (or group) known in the community as the "Microsoft serial tormentor" - a recurrent author of Windows 0-days for several years - has just published LegacyHive, presented in advance as a "bone-shattering" zero-day. According to The Register (July 15, 2026), the verdict of analysts who looked at the PoC (Proof of Concept) is more measured: it's an interesting tool, but usable only post-compromise, and far from the announced devastation.
The name LegacyHive is a strong indicator: the vulnerability affects hives of the Windows registry related to legacy components (probably authentication or configuration mechanisms inheriting from old versions of NT). Exploitation apparently requires:
In short: this is not an unauthenticated RCE. We are in the chained LPE (Local Privilege Escalation), or the post-exploitation persistence trick. Useful in a complete kill chain, not enough to build an Internet worm.
HKLM\SYSTEM\CurrentControlSet\..., SECURITY, SAM).Article produced by artificial intelligence, reviewed under human editorial control.