Thursday, October 30, 2025

Micropatches Released for Windows Installer Elevation of Privilege Vulnerability (CVE-2025-50173)


August 2025 Windows Updates brought a patch for CVE-2025-50173, a privilege escalation vulnerability in Windows Installer that could allow a local low-privileged attacker to execute arbitrary code as Local System user.

This vulnerability is really an extension (or bypass, if you will) of CVE-2024-38014, which we had patched a year ago.


The Vulnerability 

The vulnerability was again in the "Repair" operation of Windows Installer, which has been patched many times in the past (see this article for context). Much like before, under certain conditions a non-admin user could perform the repair operation on an installed application and exploit the resulting elevated processes.


Microsoft's Patch

Microsoft's patch changes the behavior of Windows Installer such that it requires elevation (i.e., admin credentials) when a repair operation is initiated.


Our Patch

Our patch is logically identical to Microsoft's. 

Let's see our patch in action. First, a low-privileged user initiates a repair operation on an already installed application that fulfills the conditions for this vulnerability. Without 0patch, the repair operation concludes without a UAC (elevation) prompt. When the repair operation is attempted with 0patch enabled (and our patch for CVE-2025-50173 therefore applied), the user is required to provide administrative credentials.
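As an added illustration (not 0patch's or Microsoft's code), the following PowerShell query lists recent Windows Installer repair/reconfigure operations on a host, so an administrator can see which accounts have been triggering them. It relies on the Application log event that the MsiInstaller provider writes with Event ID 1035 ("Windows Installer reconfigured the product") when a repair or other reconfiguration completes; the 7-day look-back window is an assumed default.

```powershell
# Added example: audit Windows Installer repair/reconfigure operations on this host.
# MsiInstaller Event ID 1035 is logged to the Application log when a product is
# reconfigured (which includes the "Repair" operation discussed above).
# The 7-day window is an assumed default; adjust as needed.
param([int]$Days = 7)

$since = (Get-Date).AddDays(-$Days)

# -ErrorAction SilentlyContinue: "no events found" is reported as an error, not an empty result.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'MsiInstaller'
    Id           = 1035
    StartTime    = $since
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # The event text contains "Product Name: <name>. Product Version: ..."; extract the name.
    $product = '(unknown)'
    if ($e.Message -match 'Product Name:\s*(.+?)\.\s+Product Version') {
        $product = $Matches[1]
    }

    # UserId is the SID of the account that initiated the operation; resolve it to an account name.
    $user = $null
    try {
        $user = $e.UserId.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $user = "$($e.UserId)"
    }

    [pscustomobject]@{
        Time    = $e.TimeCreated
        User    = $user
        Product = $product
    }
}
```

Repair operations started by non-administrative accounts on a host that has not yet received the Microsoft patch or the 0patch micropatch are the ones worth a closer look.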


Micropatch Availability

Micropatches were written for the following security-adopted Windows versions:

  1. Windows 11 v21H2 - fully updated
  2. Windows 10 v22H2 - fully updated
  3. Windows 10 v21H2 - fully updated
  4. Windows 10 v21H1 - fully updated
  5. Windows 10 v20H2 - fully updated
  6. Windows 10 v2004 - fully updated
  7. Windows 10 v1909 - fully updated
  8. Windows 10 v1809 - fully updated
  9. Windows 10 v1803 - fully updated
  10. Windows 7 - fully updated with no ESU, ESU 1, ESU 2 or ESU 3
  11. Windows Server 2008 R2 - fully updated with no ESU, ESU 1, ESU 2, ESU 3 or ESU 4
  12. Windows Server 2012 - fully updated with no ESU or ESU 1
  13. Windows Server 2012 R2 - fully updated with no ESU or ESU 1


Micropatches have already been distributed to, and applied on, all affected online computers with 0patch Agent in PRO or Enterprise accounts (unless Enterprise group settings prevented that).

Vulnerabilities like these get discovered on a regular basis, and attackers know about them all. If you're using Windows versions that are no longer receiving official security updates, 0patch will make sure these vulnerabilities won't be exploited on your computers - and you won't even have to know or care about these things.

If you're new to 0patch, create a free account in 0patch Central, start a free trial, then install and register 0patch Agent. Everything else will happen automatically. No computer reboot will be needed.

Did you know 0patch security-adopted Windows 10 and Office 2016 and 2019 when they went out of support this month, allowing you to keep using them for at least 3 more years (5 years for Windows 10)? Read more about it here and here.

To learn more about 0patch, please visit our Help Center.
