Windows Search Service Elevation of Privilege Vulnerability in Microsoft Products
CVE-2025-21292

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
14 January 2025

Summary

The Windows Search Service in Microsoft products contains a vulnerability that could allow an attacker to gain elevated privileges on a system. This flaw can be exploited when the compromised Windows Search Service fails to properly manage objects in memory. As a result, an unauthorized user could run arbitrary code with elevated permissions, potentially enabling them to install programs, view, change, or delete data, or create accounts with full user rights. To mitigate the risk, it is advised to apply the necessary patches provided by Microsoft.

Affected Version(s)

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.6775

Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.5371

Windows 10 Version 22H2 x64-based Systems 10.0.19045.0 < 10.0.19045.5371

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.