Tag Archives: StorageSense

August “In the Trend of VM” (#18): vulnerabilities in Microsoft Windows and SharePoint

Leave a reply

August In the Trend of VM (#18): vulnerabilities in Microsoft Windows and SharePoint

August “In the Trend of VM” (#18): vulnerabilities in Microsoft Windows and SharePoint. A traditional monthly roundup – this time, it’s extremely short.

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

Only two trending vulnerabilities:

🔻 Remote Code Execution – Microsoft SharePoint Server “ToolShell” (CVE-2025-53770). The vulnerability is being widely exploited; attackers may even have gained access to U.S. nuclear secrets. The vulnerability is also relevant for Russia.
🔻 Elevation of Privilege – Windows Update Service (CVE-2025-48799). The vulnerability affects Windows 10/11 installations with at least two hard drives.

На русском

About Elevation of Privilege – Windows Update Service (CVE-2025-48799) vulnerability

1 Reply

About Elevation of Privilege - Windows Update Service (CVE-2025-48799) vulnerability

About Elevation of Privilege – Windows Update Service (CVE-2025-48799) vulnerability. This vulnerability is from the July Microsoft Patch Tuesday. Improper link resolution before file access (‘link following’) in the Windows Update Service allows an authorized attacker to elevate privileges to “NT AUTHORITY\SYSTEM”.

🛠 An exploit for this vulnerability was published by researcher Filip Dragović (Wh04m1001) on July 8, the day of MSPT. In the exploit description, he states that the vulnerability affects Windows 10/11 systems with at least two hard drives. If the installation location for new apps is changed to the secondary drive (using Storage Sense), then during the installation of a new app, the wuauserv service will arbitrarily delete folders without checking for symbolic links, leading to to LPE.

🎞 In the demonstration video, Filip Dragović runs the EXE file and gets an administrator console.

👾 No signs of exploitation in the wild yet.

На русском