July 2025 Windows Updates brought a patch for CVE-2025-48799, a local privilege elevation vulnerability allowing a local non-administrative attacker to obtain administrative privileges. The vulnerability was found and reported to Microsoft by Filip Dragović.
The Vulnerability
The vulnerability allows a low-privileged user on a computer with at least two hard drives to confuse the Windows Update service into deleting a folder of the user's choosing. Arbitrary file or folder deletion can be turned into arbitrary code execution as Local System, as was first shown by Jonas Lykkegård in 2020 using the Windows Error Reporting Service, and subsequently also by Abdelhamid Naceri using Windows Installer.
Filip kindly released a POC that can be used to reproduce the issue.
Microsoft's Patch
Microsoft patched this issue by adding a check for symbolic links for the user-supplied path.
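As an added illustration, not 0patch's or Microsoft's code, the Python sketch below shows the shape of such a check: a privileged deleter that lstat's every component of a user-supplied path and refuses to proceed if any of them is a link. It generalizes the symbolic-link check to junctions and other reparse points on Windows and adds a lexical containment check; the service-owned root directory, the function names and the constructed temporary layout are assumptions for the example.

```python
import os, shutil, stat, tempfile
from pathlib import Path

def is_reparse_point(path: Path) -> bool:
    """lstat the component itself: a symlink on POSIX; on Windows also junctions and other reparse points."""
    st = os.lstat(path)
    attrs = getattr(st, "st_file_attributes", 0)  # attribute exists only on Windows
    return stat.S_ISLNK(st.st_mode) or bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))

def first_unsafe_component(user_path: str, allowed_root: str):
    """First component under allowed_root that is a reparse point, the path itself if it escapes the root via "..", else None."""
    root, norm = Path(allowed_root), Path(os.path.normpath(user_path))
    try:
        rel = norm.relative_to(root)
    except ValueError:
        return norm  # lexically outside the root
    current = root
    for part in rel.parts:
        current = current / part
        if not os.path.lexists(current):
            break  # nothing beyond this point exists yet, so there is nothing to follow
        if is_reparse_point(current):
            return current
    return None

def safe_rmtree(user_path: str, allowed_root: str) -> None:
    """Delete only after every component of the user-supplied path has passed the check."""
    bad = first_unsafe_component(user_path, allowed_root)
    if bad is not None:
        raise PermissionError(f"refusing to delete through {bad}")
    shutil.rmtree(user_path)

def demo() -> dict:
    """Constructed layout: root/real is a plain directory, root/link is a symlink pointing outside root."""
    base = Path(tempfile.mkdtemp())
    root, elsewhere = base / "service_root", base / "elsewhere"
    (root / "real").mkdir(parents=True)
    elsewhere.mkdir()
    (root / "link").symlink_to(elsewhere, target_is_directory=True)
    out = {"plain": first_unsafe_component(str(root / "real"), str(root)),
           "via_link": first_unsafe_component(str(root / "link" / "x"), str(root)),
           "escape": first_unsafe_component(str(root / ".." / "elsewhere"), str(root))}
    try:
        safe_rmtree(str(root / "link"), str(root))
        out["blocked"] = False
    except PermissionError:
        out["blocked"] = elsewhere.exists()  # refused, and the link target was never touched
    shutil.rmtree(base)
    return {k: (str(v) if isinstance(v, Path) else v) for k, v in out.items()}
```

The check must be applied per component, since a link anywhere in the chain redirects everything below it; checking only the leaf is not enough.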
Our Patch
Our patch is logically identical to Microsoft's.
Let's see our patch in action:
Micropatch Availability
Micropatches were written for the following security-adopted Windows versions:
- Windows 11 v21H2 - fully updated
- Windows 10 v21H2 - fully updated
- Windows 10 v21H1 - fully updated
- Windows 10 v20H2 - fully updated
- Windows 10 v2004 - fully updated
- Windows 10 v1909 - fully updated
- Windows 10 v1809 - fully updated
- Windows 10 v1803 - fully updated
Micropatches have already been distributed to, and applied on, all affected online computers with 0patch Agent in PRO or Enterprise accounts (unless Enterprise group settings prevented that).
Vulnerabilities like these get discovered on a regular basis, and attackers know about them all. If you're using Windows that aren't receiving official security updates anymore, 0patch will make sure these vulnerabilities won't be exploited on your computers - and you won't even have to know or care about these things.
If you're new to 0patch, create a free account in 0patch Central, start a free trial, then install and register 0patch Agent. Everything else will happen automatically. No computer reboot will be needed.
We'd like to thank Filip Dragović for sharing their finding and their POC, which allowed us to reproduce the issue and create patches for our users.
Did you know 0patch will security-adopt Windows 10 when it goes out of support in October 2025, allowing you to keep using it for at least 5 more years? Read more about it here.
To learn more about 0patch, please visit our Help Center.