**Name of the Vulnerable Software and Affected Versions:**

Windows Update Service versions prior to July 8, 2025

**Description:**

An improper link resolution vulnerability exists prior to file access within the Windows Update Service. This allows an authorized attacker to elevate privileges locally. The vulnerability affects Windows 10 and Windows 11 clients with at least two hard drives. Exploitation involves manipulating symbolic links, potentially enabling arbitrary file deletion and privilege escalation. The vulnerability was addressed by Microsoft by adding a check for symbolic links for the user-supplied path.

**Recommendations:**

Update the Windows Update Service to the version released on or after July 8, 2025.