Plattform
windows
Komponente
windows-installer
Behoben in
10.0.10240.20890
10.0.14393.7699
10.0.17763.6775
10.0.19044.5371
10.0.19045.5371
10.0.22621.4751
10.0.22631.4751
10.0.22631.4751
10.0.26100.2894
6.1.7601.27520
6.1.7601.27520
6.0.6003.23070
6.0.6003.23070
6.2.9200.25273
6.2.9200.25273
6.3.9600.22371
6.3.9600.22371
10.0.14393.7699
10.0.14393.7699
10.0.17763.6775
10.0.17763.6775
10.0.20348.3091
10.0.25398.1369
10.0.26100.2894
10.0.26100.2894
CVE-2025-21287 describes a privilege escalation vulnerability within the Windows Installer component. Successful exploitation allows an attacker to gain elevated privileges on a targeted system, potentially leading to full system compromise. This vulnerability impacts Windows versions up to and including 10.0.26100.2894. A security update has been released to address this issue.
This vulnerability allows a local attacker to execute code with elevated privileges. An attacker could leverage this to install malicious software, modify system configurations, steal sensitive data, or gain persistent access to the system. The impact is particularly severe in environments where user accounts have limited privileges, as this vulnerability bypasses those restrictions. The potential for lateral movement within a network is significant if the attacker can compromise a system with administrative access.
CVE-2025-21287 was publicly disclosed on January 14, 2025. Its inclusion in the KEV catalog and EPSS score are currently pending evaluation. Public proof-of-concept exploits are not yet widely available, but the nature of privilege escalation vulnerabilities often makes them attractive targets for exploitation. Monitor security advisories and threat intelligence feeds for any indications of active campaigns targeting this vulnerability.
Systems administrators managing Windows environments are at significant risk. Users with administrative privileges, particularly those who frequently install software via the Windows Installer, are also vulnerable. Organizations relying on legacy Windows configurations or shared hosting environments with limited control over the underlying operating system should prioritize patching.
• Windows: Use Windows Defender to scan for suspicious processes leveraging the Windows Installer service.
Get-Process | Where-Object {$_.ProcessName -like '*msiexec*' -and $_.CPU -gt 10} | Stop-Process -Force• Windows: Check Autoruns for unusual entries related to the Windows Installer.
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' | Select-Object -ExpandProperty Values• Windows: Examine Windows Event Logs for errors or warnings related to the Windows Installer service. Filter for Event ID 1000 or higher with source 'Msisetup'. • Windows: Monitor scheduled tasks for any newly created or modified tasks that utilize the Windows Installer.
disclosure
Exploit-Status
EPSS
0.22% (44% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation is to apply the security update released by Microsoft, upgrading to version 10.0.26100.2894 or later. If immediate patching is not feasible, consider implementing stricter user account controls and limiting the privileges granted to standard user accounts. While a direct workaround is unavailable, monitoring Windows Installer activity for unusual behavior can provide early detection. Regularly review and update Group Policy settings to enforce security best practices.
Aplique las actualizaciones de seguridad proporcionadas por Microsoft para corregir la vulnerabilidad de elevación de privilegios en Windows Installer. Consulte el boletín de seguridad de Microsoft (CVE-2025-21287) para obtener más detalles e instrucciones específicas para su versión de Windows. La actualización solucionará el problema que permite a un atacante elevar privilegios.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-21287 is a HIGH severity vulnerability in the Windows Installer service allowing attackers to gain elevated privileges. It affects Windows versions 10.0.26100.2894 and earlier.
You are affected if you are running Windows versions 10.0.26100.2894 or earlier. Check your system version against the affected versions listed in the advisory.
Upgrade your Windows system to version 10.0.26100.2894 or later to receive the security fix. Ensure automatic updates are enabled.
As of January 14, 2025, there are no confirmed reports of active exploitation, but the high CVSS score indicates a potential for future exploitation.
Refer to the official Microsoft Security Update Guide for CVE-2025-21287: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21287](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21287)
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.