• 2 min read
Windows 11 zero-day LegacyHive targets user hives
A new Windows 11 local privilege escalation flaw, LegacyHive, could let attackers move from low to high privileges after gaining device access.

Image: TechRadar
Security researcher Chaotic Eclipse has published details of another Windows 11 zero-day, this time a local privilege escalation bug called LegacyHive that targets user registry hives.
According to TechRadar, the flaw could let an attacker with existing access to a device gain privileged read-write access to other users' hives, effectively turning a low-privileged account into a high-privileged one. In Windows, user hives are registry files that store settings tied to individual accounts, including desktop preferences, app settings, network drive mappings, and security and privacy options.
This is the latest release in an ongoing dispute between Chaotic Eclipse and Microsoft. A few months ago, the researcher began publishing working exploits for fully patched Windows 11 systems, arguing that Microsoft treated researchers unfairly. They have released seven exploits in total and had promised a “bone-shattering” release on July 14, 2026.
Microsoft had previously criticized the researcher for not disclosing flaws responsibly and at one point threatened possible legal action. The company did not follow through, and later backed away from the threat after public backlash, TechRadar said.

Recommended reading
One in six PCs still run Windows 10
LegacyHive appears less severe than some of the researcher’s earlier disclosures for two reasons: it requires some prior access to the target device, and it was released without a CVE identifier or a fully functional proof of concept. Even so, security experts cited by the report warned that capable attackers may be able to fill in the missing pieces quickly.
TechRadar said intelligence and security teams should move fast on mitigations despite the flaw’s lower apparent impact.
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via TechRadar


