CVE-2025-27470 – This vulnerability in Windows Standards-Based S... (How to Fix)

Q: What is the severity of CVE-2025-27470?

CVE-2025-27470 has a CVSS score of 7.5 (HIGH). This vulnerability in Windows Standards-Based Storage Management Service allows unauthorized attackers to cause denial of service by consuming system resources. Attackers can exploit this over a network to make affected systems unresponsive. All Windows systems running the vulnerable service are affected.

📋 TL;DR

This vulnerability in Windows Standards-Based Storage Management Service allows unauthorized attackers to cause denial of service by consuming system resources. Attackers can exploit this over a network to make affected systems unresponsive. All Windows systems running the vulnerable service are affected.

💻 Affected Systems

Products:

Windows Standards-Based Storage Management Service

Versions: Specific versions not yet detailed in public advisory

Operating Systems: Windows Server and Windows Client versions with the vulnerable service

Default Config Vulnerable: ⚠️ Yes

Notes: Service may be enabled by default on certain Windows Server configurations

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system unavailability requiring reboot, potentially affecting multiple systems in an enterprise environment

🟠

Likely Case

Degraded performance or temporary service disruption affecting storage management operations

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring in place

🌐 Internet-Facing: MEDIUM - Attack requires network access but no authentication, though service may not be internet-exposed by default

🏢 Internal Only: HIGH - Internal attackers or compromised systems can easily exploit this without authentication

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CWE-400 vulnerabilities typically involve resource exhaustion attacks that are relatively simple to execute

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be determined from Microsoft Security Update

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27470

Restart Required: Yes

Instructions:

1. Check Microsoft Security Update Guide for CVE-2025-27470. 2. Download and install the appropriate security update for your Windows version. 3. Restart the system as required.

🔧 Temporary Workarounds

Disable Standards-Based Storage Management Service

windows

Temporarily disable the vulnerable service if not required

sc config WSSMService start= disabled
sc stop WSSMService

Network Segmentation

windows

Restrict network access to the service using firewall rules

New-NetFirewallRule -DisplayName "Block WSSM" -Direction Inbound -Protocol TCP -LocalPort 5985,5986 -Action Block

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach the service
Monitor system resource usage and set alerts for abnormal consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check if WSSMService is running and if system has unpatched Windows version

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify Windows Update history contains the security update for CVE-2025-27470

📡 Detection & Monitoring

Log Indicators:

Unusual resource consumption in System logs
Multiple failed service requests
Service crash events

Network Indicators:

High volume of traffic to storage management service ports
Unusual connection patterns to service

SIEM Query:

EventID=7031 OR EventID=7034 OR (EventLog=System AND Source=Service Control Manager AND Message contains "WSSM")

📊 Metadata

CVE ID: CVE-2025-27470

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

EPSS Score: 41.5% exploit probability (97.3th percentile)

Published: April 8, 2025

Last Updated: July 8, 2025

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27470 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-27470, you might also want to check these: