PT-2025-10819 · Microsoft · Windows Cross Device Service+1

John Ostrowski · Published 2025-03-11 · Updated 2026-06-14 · CVE-2025-24076

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Microsoft Windows 11 version 22H2
Microsoft Windows versions prior to 10.0.22621.0

Description

An improper access control issue exists within the Windows Cross Device Service. This allows an authorized attacker to gain elevated privileges locally. The vulnerability enables attackers to potentially affect the system and rapidly escalate to administrator privileges, with some reports indicating this can occur within 300 milliseconds. A proof-of-concept (PoC) exploit is available. The issue stems from flaws in access control within the Cross Device Service.

Recommendations

Microsoft Windows 11 version 22H2: Update to version 10.0.22621.0 or later.
Microsoft Windows versions prior to 10.0.22621.0: Update to the latest available version.

Exploit · Fix · LPE · Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2025-02565
BDU:2025-02713
CVE-2025-24076

Affected Products

Windows
Windows Cross Device Service