This flaw impacts multiple Windows 10/11 and Server versions, posing risks to enterprises and individual users alike.
| Aspect | Details |
|---|---|
| CVE ID | CVE-2025-21204 |
| CVSS 3.1 Score | 7.8 (High) |
| Affected Systems | Windows 10 (1507, 1607, 1809), Windows 11, Windows Server 2019/2025 |
| Impact | Local privilege escalation, SYSTEM-level code execution |
| Exploit Complexity | Low; no memory corruption or user interaction required |
The vulnerability stems from improper handling of directory junctions in the Windows Update Stack. Attackers with limited user privileges can redirect the trusted path C:ProgramDataMicrosoftUpdateStackTasks to a malicious location using symbolic links.
When SYSTEM-level processes like MoUsoCoreWorker.exe access this path, they execute attacker-controlled payloads, bypassing security checks.
Security analysts describe this as a “quiet privilege escalation” flaw, leveraging implicit trust in file systems rather than complex exploits.
As noted by Cyberdom researchers.
| Action | Details |
|---|---|
| Apply Patches | Install April 2025 cumulative update (KB5055523). |
| Restrict Directory Permissions | Tighten ACLs on C:ProgramDataMicrosoftUpdateStack. |
| Monitor File Activity | Detect junction creation in UpdateStack paths and C:inetpub. |
| Enforce Least Privilege | Use AppLocker or WDAC to block symbolic link creation. |
Microsoft’s patch introduces a preemptive security measure by creating C:inetpub on all systems, even those without IIS, to deter symbolic link attacks.
CVE-2025-21204 highlights the growing trend of exploiting filesystem trust over memory corruption. It was among 124 vulnerabilities addressed in Microsoft’s April 2025 Patch Tuesday, which also included fixes for an actively exploited CLFS zero-day (CVE-2025-29824).
Security teams are urged to prioritize patching and audit directory permissions to mitigate risks from such “low-level” yet high-impact flaws.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
The post Critical Vulnerability in Windows Update Stack Enables Code Execution and Privilege Escalation appeared first on Cyber Security News.
As part of a big Sonos Spring Sale event that started this week, Sonos is…
I have been on vacation or sick for most of the last two weeks. In…
The sixth book in the Harry Potter illustrated collection is releasing this October and the…
Netflix has reportedly picked Maxwell Jenkins to play Fred Jones, Tanner Hagen as Norville “Shaggy”…
Crimson Desert feels like it was designed in a lab by someone who wanted to…
Ahead of Easter, Target is offering the lowest price on a pair of Beats Studio…
This website uses cookies.