Microsoft has released a fix for CVE-2025-64669, addressing a local privilege escalation vulnerability we reported in Windows Admin Center.
This issue allowed low privileged users to escalate to SYSTEM by abusing trusted components under insecure filesystem permissions. Microsoft validated the finding and shipped a fix as part of the latest update.
This CVE represents only the first vulnerability from our research.
We identified four distinct vulnerabilities during the investigation, and additional fixes and disclosures are coming.
More details soon.
Stay tuned.