Windows 0-day drops the same day Microsoft releases record number of patches
Summary
A security researcher released code for a new exploit called HiveLegacy that lets non-administrator Windows users make changes to administrator accounts. Microsoft is investigating this vulnerability after releasing many security patches, and users can protect themselves by using detection tools and monitoring their systems.Key Facts
- A researcher named NightmareEclypse published an exploit called HiveLegacy for Windows on the same day Microsoft released many security updates.
- HiveLegacy targets a vulnerability in the Windows User Profile Service.
- It allows users with limited rights to alter the registry settings of administrator accounts, potentially gaining admin-level control.
- The exploit requires knowing another user’s password and the username of a third account on the computer.
- Microsoft is aware of the exploit and is investigating the issue.
- The exploit uses the way Windows loads user settings during login, which runs with high system privileges.
- Independent security experts have provided detection scripts and advice on monitoring Windows system activity to prevent this exploit.
- Restricting the creation of local accounts and watching for unusual system behavior can help block attacks using HiveLegacy.
Read the Full Article
This is a fact-based summary from The Actual News. Click below to read the complete story directly from the original source.