Zero-Day Exploit Published Hours After Microsoft's Record Patch Release
Exploit code published for Windows 0-day vulnerability hours after Microsoft releases record number of security patches.

Right on the heels of Microsoft releasing a record number of security patches, a researcher has published exploit code that can enable low-privilege Windows accounts to make sensitive changes to administrator accounts. The exploit, which multiple researchers say works, is sending Microsoft scrambling, yet again, to patch a zero-day released by an anonymous researcher who has complained about the software maker’s handling of their bug reports. To date, the pseudonymous NightmareEclypse has published nine such exploits, including Tuesday’s HiveLegacy.
The researcher said the proof-of-concept code included in the report was stripped down to prevent attackers from using it maliciously. HiveLegacy is an elevation-of-privilege exploit that targets a vulnerability residing in the Windows User Profile Service. It allows users (and with more work likely processes) with limited system rights to compromise an admin user's account by modifying its classes registry hive, a resource that ensures the correct application opens when certain types of files are clicked on in Windows Explorer.
Why this matters: The publication of this zero-day exploit, especially on the same day as a record patch release, highlights the ongoing challenges Microsoft faces in securing its vast and complex software ecosystem. For developers and businesses, this serves as a reminder of the importance of staying vigilant and proactive in applying security patches and implementing robust security measures. For consumers, it underscores the need for cautious behavior when interacting with Windows systems, particularly when using accounts with limited privileges.
As the exploit code becomes more widely available, the risk of attacks leveraging this vulnerability increases, leaving open questions about the effectiveness of Microsoft's bug bounty program and the anonymous researcher's motivations for publishing exploit code.
Source: Ars Technica