CVE-2025-21322

7.8 HIGH

📋 TL;DR

Microsoft PC Manager contains an elevation of privilege vulnerability (CWE-59) that allows authenticated attackers to gain SYSTEM-level privileges on affected systems. This affects users running vulnerable versions of Microsoft PC Manager on Windows systems. Attackers must already have local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • Microsoft PC Manager
Versions: Versions prior to the security update referenced in the vendor advisory
Operating Systems: Windows 10, Windows 11
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Microsoft PC Manager to be installed and running. Part of Windows optional utilities.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full SYSTEM privileges, enabling complete system compromise, data theft, persistence establishment, and lateral movement capabilities.

🟠 Likely Case

Privileged user or malware with initial access escalates to SYSTEM to bypass security controls, install additional malware, or access protected resources.

🟢 If Mitigated

Limited impact due to layered defenses, but still enables privilege escalation within the compromised system.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: HIGH - Significant risk for lateral movement and privilege escalation within enterprise environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated user access. Exploitation involves improper link resolution (CWE-59).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest security update from Microsoft

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21322

Restart Required: No

Instructions:

1. Open Windows Update settings.
2. Check for updates.
3. Install all available security updates.
4. Verify Microsoft PC Manager is updated to the latest version.

🔧 Temporary Workarounds

Disable Microsoft PC Manager (Windows)

Uninstall or disable Microsoft PC Manager to remove the attack surface:

winget uninstall Microsoft.PCManager

Restrict local user privileges (all platforms)

Implement the least privilege principle to limit initial access.

🧯 If You Can't Patch

  • Implement application allowlisting to prevent unauthorized process execution
  • Enable Windows Defender Application Control or similar solutions

🔍 How to Verify

Check if Vulnerable:

Check the installed Microsoft PC Manager version and compare it against the patched version listed in the vendor advisory.

Check Version:

winget show Microsoft.PCManager

Verify Fix Applied:

Confirm that Windows Update history shows the security update installed and that the PC Manager version has been updated.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected SYSTEM privilege processes spawned from user context
  • Microsoft PC Manager process anomalies

Network Indicators:

  • None - local exploitation only

SIEM Query:

Process Creation where ParentImage contains 'pcmanager.exe' and IntegrityLevel='System'
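The SIEM query above is a pseudo-query; the following is an added example, not code from the advisory, that applies the same logic to process-creation telemetry. It assumes Sysmon Event ID 1 style fields (Image, ParentImage, IntegrityLevel, User, ParentUser) serialised as key=value lines; the sample events are constructed for the example, and the `pcmanager.exe` file name is taken from the page's query rather than verified against the product. Besides the page's rule (System-integrity child of pcmanager.exe), it also checks the broader log indicator listed above, a System-integrity process whose parent ran as an ordinary user.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample events in a Sysmon-style "Key=Value" layout (not real telemetry).
SAMPLE_EVENTS = [
    # Benign: PC Manager launches a helper at the user's own integrity level.
    r"EventID=1 Image=C:\Program Files\Microsoft PC Manager\helper.exe "
    r"ParentImage=C:\Program Files\Microsoft PC Manager\pcmanager.exe "
    r"IntegrityLevel=Medium User=DESKTOP\alice ParentUser=DESKTOP\alice",
    # Suspicious: a System-integrity shell whose parent is pcmanager.exe run by a user.
    r"EventID=1 Image=C:\Windows\System32\cmd.exe "
    r"ParentImage=C:\Program Files\Microsoft PC Manager\pcmanager.exe "
    r"IntegrityLevel=System User=NT AUTHORITY\SYSTEM ParentUser=DESKTOP\alice",
    # Benign: services.exe starting a service as SYSTEM is normal and must not alert.
    r"EventID=1 Image=C:\Windows\System32\svchost.exe "
    r"ParentImage=C:\Windows\System32\services.exe "
    r"IntegrityLevel=System User=NT AUTHORITY\SYSTEM ParentUser=NT AUTHORITY\SYSTEM",
    # Not a process-creation event at all; the rules must ignore it.
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationPort=443",
]

# Split on whitespace only where the next token looks like "Key=", so values
# containing spaces ("Program Files", "NT AUTHORITY\SYSTEM") survive intact.
_FIELD_SPLIT = re.compile(r"\s+(?=[A-Za-z]+=)")

# Built-in service accounts; a parent running as one of these is not "user context".
SYSTEM_ACCOUNTS = {
    "nt authority\\system",
    "nt authority\\local service",
    "nt authority\\network service",
}


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'Key=Value Key=Value ...' line into a dict."""
    fields: Dict[str, str] = {}
    for chunk in _FIELD_SPLIT.split(line.strip()):
        key, _, value = chunk.partition("=")
        fields[key] = value
    return fields


def _basename(path: str) -> str:
    # ntpath handles Windows separators regardless of the host OS.
    return ntpath.basename(path).lower()


def is_system_child_of_pcmanager(ev: Dict[str, str]) -> bool:
    """The page's SIEM rule: parent is pcmanager.exe and the child runs at System integrity."""
    return (
        ev.get("EventID") == "1"
        and _basename(ev.get("ParentImage", "")) == "pcmanager.exe"
        and ev.get("IntegrityLevel") == "System"
    )


def is_user_to_system_jump(ev: Dict[str, str]) -> bool:
    """Broader indicator: System-integrity child whose parent ran as an ordinary user.

    Relies on the ParentUser field (assumed available, as in recent Sysmon releases).
    """
    parent_user = ev.get("ParentUser", "").lower()
    return (
        ev.get("EventID") == "1"
        and ev.get("IntegrityLevel") == "System"
        and parent_user != ""
        and parent_user not in SYSTEM_ACCOUNTS
    )


def find_suspicious(lines: List[str]) -> List[Dict[str, object]]:
    """Run both rules over raw event lines and return the hits with their reasons."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        reasons = []
        if is_system_child_of_pcmanager(ev):
            reasons.append("system-child-of-pcmanager")
        if is_user_to_system_jump(ev):
            reasons.append("user-to-system-jump")
        if reasons:
            hits.append({"image": ev.get("Image"), "parent": ev.get("ParentImage"), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(hit)
```

Only the second constructed event triggers, and it matches both rules; the svchost.exe started by services.exe is System integrity but has a SYSTEM parent, so the second rule stays quiet, which is the check that keeps this from alerting on every service start.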

🔗 References
