Plattform
windows
Komponente
windows-search-service
Behoben in
10.0.17763.6775
10.0.19044.5371
10.0.19045.5371
10.0.22621.4751
10.0.22631.4751
10.0.22631.4751
10.0.26100.2894
10.0.17763.6775
10.0.17763.6775
10.0.20348.3091
10.0.25398.1369
10.0.26100.2894
10.0.26100.2894
CVE-2025-21292 describes an elevation of privilege vulnerability within the Windows Search Service. Successful exploitation could allow an attacker to gain higher-than-expected system privileges. This vulnerability impacts Windows versions 10.0.26100.2894 and earlier. Microsoft has released a security update to address this issue.
This vulnerability allows a local attacker to escalate their privileges on a system running the vulnerable Windows Search Service. An attacker could exploit this to gain control of the entire system, install malicious software, steal sensitive data, or disrupt operations. The impact is particularly severe because the attacker only needs local access to trigger the vulnerability, bypassing many common security controls. Successful exploitation could lead to complete system compromise, similar to privilege escalation vulnerabilities found in other Windows components.
CVE-2025-21292 was publicly disclosed on January 14, 2025. The vulnerability's exploitation context and potential for active exploitation are currently unknown. It is not listed on the CISA KEV catalog at the time of this writing. Public proof-of-concept code is not yet available.
Organizations running Windows 10 versions prior to 10.0.26100.2894 are at risk, particularly those with a large number of user accounts or systems with limited privilege configurations. Environments where local administrative access is frequently granted to non-administrative users are also at increased risk.
• windows / supply-chain:
Get-WinEvent -LogName Security -Filter "EventID = 4688 -MessageText '*\Windows Search*'">• windows / supply-chain:
Get-Process | Where-Object {$_.ProcessName -like '*searchindexer*'}• windows / supply-chain: Check Autoruns for unusual entries related to the Windows Search Service. • windows / supply-chain: Monitor Windows Defender for alerts related to privilege escalation attempts involving the Windows Search Service.
disclosure
Exploit-Status
EPSS
0.55% (68% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation is to apply the security update released by Microsoft, upgrading to version 10.0.26100.2894 or later. If immediate patching is not possible, consider restricting access to the Windows Search Service and implementing stricter user account controls. While a direct workaround is unavailable, ensuring least privilege principles are enforced can reduce the potential impact. After upgrade, confirm the vulnerability is resolved by attempting to reproduce the exploit scenario in a test environment.
Actualice su sistema operativo Windows a la última versión disponible a través de Windows Update. Esto instalará la versión corregida del servicio de búsqueda de Windows y solucionará la vulnerabilidad de elevación de privilegios. Asegúrese de aplicar todas las actualizaciones de seguridad tan pronto como estén disponibles.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-21292 is a HIGH severity vulnerability in the Windows Search Service allowing attackers to gain elevated privileges. It affects Windows versions up to 10.0.26100.2894, with a CVSS score of 8.8.
You are affected if you are running Windows 10 versions at or below 10.0.26100.2894. Check your system version and apply the provided patch to mitigate the risk.
Upgrade your Windows installation to version 10.0.26100.2894 or later to receive the security patch. Ensure automatic updates are enabled to receive future security fixes.
Currently, there is no public evidence of active exploitation of CVE-2025-21292, but it's crucial to apply the patch proactively to prevent potential future attacks.
Refer to the official Microsoft Security Update Guide for CVE-2025-21292: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21292]
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.