About Elevation of Privilege – Windows Process Activation (CVE-2025-21204) vulnerability
About Elevation of Privilege – Windows Process Activation (CVE-2025-21204) vulnerability. This vulnerability from the April Microsoft Patch Tuesday was not highlighted by VM vendors in their reviews. It affects the Windows Update Stack component and is related to improper link resolution before file access (CWE-59).
🔻 On April 14, researcher Elli Shlomo (CYBERDOM) published a write-up and exploit code to gain SYSTEM privileges. On April 27, after reports that the exploit didn’t work, he removed it and promised to revise it. 🤔 Exploitability remains unclear.
🔻 On April 22, researcher Kevin Beaumont reported that the fix for this vulnerability, involving the creation of the folder, introduces a new denial-of-service vulnerability. It allows non-admin users to block the installation of Windows security updates. Microsoft responded that they don’t plan to fix it promptly. 🤷‍♂️ For now, it’s recommended to monitor for malicious activity.
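As an added example (not code from the original post or from Microsoft), here is a PowerShell check that could be scheduled to support the monitoring recommended above. It flags the folder if it is missing, is a file, is a link (the CWE-59 concern), or has an unexpected owner. The path (inetpub at the root of the system drive, the name taken from the related news item on this page), the function name and the owner baseline are assumptions.

```powershell
# Added example: audit the folder created by the update.
# Assumptions: folder location, function name and the list of expected owners.
function Test-UpdateFolder {
    [CmdletBinding()]
    param(
        # Assumed location: "inetpub" at the root of the system drive.
        [string]$Path = "$env:SystemDrive\inetpub",
        # Assumed baseline of acceptable owners; adjust to your own build.
        [string[]]$ExpectedOwner = @(
            'NT AUTHORITY\SYSTEM',
            'NT SERVICE\TrustedInstaller',
            'BUILTIN\Administrators')
    )

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Status = 'Missing'; Findings = @('path does not exist') }
    }

    $findings = @()

    # The path should be a plain directory, not a file.
    if (-not $item.PSIsContainer) {
        $findings += 'path is a file, not a directory'
    }
    # A reparse point means the path is a junction or symbolic link.
    if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
        $findings += "path is a reparse point (type: $($item.LinkType); target: $($item.Target))"
    }

    # Compare the owner reported by Get-Acl with the assumed baseline.
    try {
        $owner = (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner
        if ($ExpectedOwner -notcontains $owner) {
            $findings += "unexpected owner: $owner"
        }
    } catch {
        $findings += "could not read ACL: $($_.Exception.Message)"
    }

    $status = if ($findings.Count -eq 0) { 'OK' } else { 'Review' }
    [pscustomobject]@{ Path = $Path; Status = $status; Findings = $findings }
}

# Run once and show the result; a scheduled task could alert on any Status other than 'OK'.
Test-UpdateFolder | Format-List
```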
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
I also invite all Russian speakers to another Telegram channel, @avleonovrus; that is where I post first now.
Related news
A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204