Microsoft has released a security update to address a zero-day vulnerability in the Windows Kernel (CVE-2025-62215) that could allow attackers to escalate privileges to System level.
Severity level:-
CVSS Score: 7.0 /High.
Description:- Windows Kernel is the core component of the Windows operating system responsible for managing system resources and hardware interactions. CVE-2025-62215 is a race condition vulnerability caused by improper synchronization when multiple threads access shared kernel resources concurrently. An attacker with local access can exploit this flaw by running a specially crafted application that triggers the race condition, potentially leading to memory corruption and privilege escalation.
Affected Versions :-
- Windows 10.
- Windows 11.
- Windows Server 2019 through Windows server 2025.
Impact:-
Successful exploitation allows attackers to escalate privileges to SYSTEM level, giving full control over the affected machine.
Resolution:-
Microsoft has released patches to address this vulnerability. the latest patched versions of Windows Server as provided by Microsoft. If immediate patching is not feasible:
- Restrict local access to trusted users only.
- Monitor for unusual kernel-level activity.
Reference:-
UIT Information Security