—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Privilege Escalation vulnerability in Windows Kernel 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Windows 10 version 1809 from 10.0.17763.0 before 10.0.17763.8027

Windows 10 version 21H2 from 10.0.19044.0 before 10.0.19044.6575

Windows 10 version 22H2 from 10.0.19045.0 before 10.0.19045.6575

Windows 11 version 25H2 from 10.0.26200.0 before 10.0.26200.7171

Windows 11 version 22H3 from 10.0.22631.0 before 10.0.22631.6199

Windows 11 version 23H2 from 10.0.22631.0 before 10.0.22631.6199

Windows 11 version 24H2 from 10.0.26100.0 before 10.0.26100.7171

Windows server 2019 versions from 10.0.17763.0 before 10.0.17763.8027

Windows server 2019 (Server Core installation) versions from 10.0.17763.0 before 10.0.17763.8027

Windows server 2022 versions from 10.0.20348.0 before 10.0.20348.4405

Windows server 2025 versions from 10.0.26100.0 before 10.0.26100.7171

Windows server 2025 (Server Core installation) versions from 10.0.26100.0 before 10.0.26100.7171

Windows Server 2022, 23H2 (Server Core installation) versions from 10.0.25398.0 before 10.0.25398.1965

Note: Organizations should verify exact build numbers via the Microsoft advisory, as build-numbers and superseded updates may vary by channel (e.g., LTSC, ESU, Server Core).

Overview

A vulnerability has been reported in Microsoft windows kernel, which could allow an authorized attacker to elevate privileges locally on the targeted system.

Target Audience:

All end-user organizations and individuals using Microsoft windows operating systems.

Risk Assessment:

High risk of data manipulation and service disruption.

Impact Assessment:

Potential impact on confidentiality, integrity, and availability of the system.

Description

This vulnerability in Microsoft windows kernel exists due to concurrent execution using shared resources with improper synchronization (race condition). An attacker with local, low-privilege access can trigger a race condition in the kernel component by forcing multiple threads to access a shared resource concurrently without proper locking or synchronization.

Successful exploitation of this vulnerability could allow an authorized attacker to elevate privileges locally on the targeted system.

Solution

Apply appropriate updates as mentioned:

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-62215

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-62215

References

Microsoft

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-62215

CVE Name

CVE-2025-62215

 

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkcipUACgkQ3jCgcSdc

ys+mPw//b1IbJ/fclYK6t2LmTmnxDkN788WJ8LAtbU7fRDj/BcKxT8KWeOLdO8Zg

jTUBsUe7qNGkLXZlmqmuqpbSbHmiEa4mc1aCDUzpQsk1ucE4PWDC9Lh389V3efiJ

R3Kul9KYOIJZ+m6hjEJYJVRuJkv8bC/XZdA14YDynrhFOnGp83lwYih3AI51l/g5

b0iS9nmdiFIral36d0ZkEGxJo9xdzo4S7HKFPfLHStM4AoVXc1qsrI9l6AwBmAb9

MCfP6yZfahyzRi3bB5ArmxXKjEyGvu1zTs5dQpelx5KXlISHGBSmtfJv4OC8Uv0H

hwc8yb1TnttiQjDwUBE5elD4FBwVCbB/fEeEnbRkhaETE5Szi1+Il6pNfC3dRQg4

GFxkNmqvyMaUXNPOj4MWaPjJIxNZF6Dk/z/uEqw2AyKRPN8hhhhlNqc+MD0aRIHS

qlkxRQFC66eu11DsMzKj88kzXAdQJiT109+k28VSbSkNa/0QXKVj9vJJFswi2u0P

xf3N8NzMVVuYJCXCCr9Bg2TRXM3902R1do2lA9QiQ6q67z6nSZMPB5zLciMngqLk

4/t5L07govTctsdd1FI7AclwpLHjrOm5c7vj1AlbtE6ukGtQ5Ay16/FnpYACFArm

AsSMR89eaCNGd5XSsqeKNA2GS4cL1l0MkqKWOfBUp01lzvkhFzw=

=lCTT

—–END PGP SIGNATURE—–