प्लेटफ़ॉर्म
windows
घटक
windows-installer
में ठीक किया गया
10.0.10240.20890
10.0.14393.7699
10.0.17763.6775
10.0.19044.5371
10.0.19045.5371
10.0.22621.4751
10.0.22631.4751
10.0.22631.4751
10.0.26100.2894
6.1.7601.27520
6.1.7601.27520
6.0.6003.23070
6.0.6003.23070
6.2.9200.25273
6.2.9200.25273
6.3.9600.22371
6.3.9600.22371
10.0.14393.7699
10.0.14393.7699
10.0.17763.6775
10.0.17763.6775
10.0.20348.3091
10.0.25398.1369
10.0.26100.2894
10.0.26100.2894
CVE-2025-21287 describes a privilege escalation vulnerability within the Windows Installer service. Successful exploitation allows an attacker to gain elevated privileges on a targeted system, potentially leading to complete system compromise. This vulnerability impacts Windows versions up to and including 10.0.26100.2894. Microsoft has released a security update to address this issue.
The Windows Installer Elevation of Privilege vulnerability allows a malicious actor to bypass security restrictions and execute code with elevated privileges. This could involve gaining control of user accounts with administrative rights, installing malicious software, modifying system configurations, or accessing sensitive data. The potential impact is significant, as an attacker could effectively take over the entire system. While specific exploitation details remain limited, the ability to escalate privileges within the Windows Installer service represents a serious security risk, particularly in environments where user accounts have elevated permissions or where the installer is used to deploy software from untrusted sources.
CVE-2025-21287 was publicly disclosed on January 14, 2025. As of this date, it is not listed on the CISA KEV catalog. Public proof-of-concept exploits are currently unavailable, but the high CVSS score suggests a potential for future exploitation. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.
Systems administrators managing Windows environments are at significant risk. Users with administrative privileges, particularly those who frequently install software via the Windows Installer, are also vulnerable. Organizations relying on legacy Windows configurations or shared hosting environments with limited control over the underlying operating system should prioritize patching.
• Windows: Use Windows Defender to scan for suspicious processes leveraging the Windows Installer service.
Get-Process | Where-Object {$_.ProcessName -like '*msiexec*' -and $_.CPU -gt 10} | Stop-Process -Force• Windows: Check Autoruns for unusual entries related to the Windows Installer.
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' | Select-Object -ExpandProperty Values• Windows: Examine Windows Event Logs for errors or warnings related to the Windows Installer service. Filter for Event ID 1000 or higher with source 'Msisetup'. • Windows: Monitor scheduled tasks for any newly created or modified tasks that utilize the Windows Installer.
disclosure
एक्सप्लॉइट स्थिति
EPSS
0.22% (44% शतमक)
CISA SSVC
CVSS वेक्टर
The primary mitigation for CVE-2025-21287 is to upgrade affected Windows systems to version 10.0.26100.2894 or later, as this version contains the security fix. If immediate patching is not feasible, consider implementing stricter user access controls to limit the potential impact of a successful exploit. Reviewing and restricting the software installed via Windows Installer can also reduce the attack surface. While a direct workaround is unavailable, ensuring that only trusted sources are used for software installation is crucial.
Aplique las actualizaciones de seguridad proporcionadas por Microsoft para corregir la vulnerabilidad de elevación de privilegios en Windows Installer. Consulte el boletín de seguridad de Microsoft (CVE-2025-21287) para obtener más detalles e instrucciones específicas para su versión de Windows. La actualización solucionará el problema que permite a un atacante elevar privilegios.
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2025-21287 is a HIGH severity vulnerability in the Windows Installer service allowing attackers to gain elevated privileges. It affects Windows versions 10.0.26100.2894 and earlier.
You are affected if you are running Windows versions 10.0.26100.2894 or earlier. Check your system version against the affected versions listed in the advisory.
Upgrade your Windows system to version 10.0.26100.2894 or later to receive the security fix. Ensure automatic updates are enabled.
As of January 14, 2025, there are no confirmed reports of active exploitation, but the high CVSS score indicates a potential for future exploitation.
Refer to the official Microsoft Security Update Guide for CVE-2025-21287: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21287](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21287)
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।