Chaotic Eclipse Releases LegacyHive Windows PoC After Microsoft Patches 622 Flaws
Updated
Updated · The Hacker News · Jul 15
Chaotic Eclipse Releases LegacyHive Windows PoC After Microsoft Patches 622 Flaws
3 articles · Updated · The Hacker News · Jul 15
Summary
LegacyHive targets the Windows User Profile Service and can let a standard user mount another user's registry hive, creating an elevation-of-privilege path on all supported Windows desktop and server versions.
Chaotic Eclipse said the public PoC was deliberately stripped down—it needs another user's credentials and a third username—while the original exploit was broader and worked even on systems fully updated with July 2026 Patch Tuesday.
The release extends a months-long clash with Microsoft over disclosure handling; earlier disclosures by the researcher were followed by active exploitation of three Defender flaws, and Microsoft is also investigating a new 8-byte Defender data leak tied to a recent fix.
Microsoft's July update landed amid wider pressure, patching a record 622 vulnerabilities, while CISA separately warned that multiple SharePoint Server flaws are under active exploitation and ordered federal agencies to apply key fixes by July 17 and July 28.
A former employee is leaking Microsoft's secrets. Can the tech giant stop the ultimate insider threat?
A researcher's doomsday switch is set for today. Will Microsoft's security face its biggest test yet?
Nightmare Eclipse’s RoguePlanet Zero-Day (CVE-2026-50656): 29 Days of Exposure, Vendor-Researcher Breakdown, and the Future of Cybersecurity Response
Overview
The RoguePlanet (CVE-2026-50656) zero-day vulnerability exposed a critical flaw in Microsoft Defender’s new defense-in-depth updates, allowing attackers to exploit SMB connections and cause Defender to leak data, hang, and lock files. This process could exhaust a system’s disk space, leading to instability and widespread crashes. Microsoft responded quickly with an emergency patch on July 9, 2026, but the incident highlights how even advanced security tools can be turned against organizations. The event underscores the urgent need for rapid patching and vigilant system monitoring to defend against evolving threats.