Critical Flaw in Microsoft PC Manager Opens Door to Full System Control
A critical elevation of privilege vulnerability, identified as CVE-2025-47993, has been discovered in Microsoft PC Manager, allowing a local attacker to gain full administrator rights on affected Windows systems. The flaw, rooted in the improper handling of symbolic links, was addressed by Microsoft as part of its July 2025 Patch Tuesday updates.
The vulnerability, which carries a high-severity CVSS score of 7.8, enables an authenticated attacker with low-level privileges to escalate their permissions to SYSTEM, the highest level of user rights on Windows. This complete control over a compromised machine could be leveraged to deploy malware, install ransomware, or disable security software, posing a significant threat to system integrity.
The core of the issue lies in a "link following" or "symlink attack" vector. An attacker can create a symbolic link—a type of shortcut—that points to a critical system file or directory. When Microsoft PC Manager, which operates with elevated privileges, performs routine maintenance tasks like system cleanup or updates, it can be tricked into following this malicious symlink. Due to insufficient validation, the software then performs privileged operations, such as file deletion, permission changes, or overwriting, on the attacker's chosen target.
This type of vulnerability is particularly dangerous as it can serve as a crucial second stage in a larger attack chain. An attacker who has gained initial access to a system through other means, such as a phishing attack or by exploiting a different vulnerability, could then use CVE-2025-47993 to gain complete control.
Affected Systems and Mitigation
The vulnerability affects several recent versions of the Windows operating system, including:
- Windows 11 Version 24H2
- Windows Server 2025
- Windows Server 2022, 23H2 Edition
Microsoft has released security updates to remedy this flaw. System administrators and users are strongly urged to apply the latest patches for Microsoft PC Manager to protect their systems. At present, there are no known public proof-of-concept exploits for CVE-2025-47993. However, given the history of similar vulnerabilities, security researchers advise prompt patching.
Beyond applying the immediate patch, security best practices recommend implementing the principle of least privilege, where users and applications are only granted the permissions essential for their function. Monitoring for suspicious symbolic link creation and ensuring endpoint protection solutions are up to date can also help mitigate the risk of such attacks.
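The following is an added example, not code from Microsoft or from this article. It sketches the validation a privileged cleanup routine needs against the link-following problem described above, and it reports links that resolve outside the directory being cleaned, as the monitoring advice suggests. All function names and the temporary directory layout are constructed for illustration.

```python
import os, stat, tempfile

# Windows marks symlinks and junctions with this file-attribute bit.
REPARSE = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)

def is_link_like(entry):
    """True for a symlink or, on Windows, any reparse point (e.g. a junction)."""
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return entry.is_symlink() or bool(attrs & REPARSE)

def inside(root, target):
    try:
        return os.path.commonpath([root, target]) == root
    except ValueError:  # paths on different drives (Windows)
        return False

def clean_tree(root):
    """Delete regular files under root without following links.
    Returns (deleted, flagged); flagged lists links resolving outside root."""
    root = os.path.realpath(root)
    deleted, flagged, stack = [], [], [root]
    while stack:
        with os.scandir(stack.pop()) as entries:
            for e in entries:
                if is_link_like(e):
                    target = os.path.realpath(e.path)
                    if not inside(root, target):
                        flagged.append((e.path, target))
                    continue  # never descend into or act through a link
                if e.is_dir(follow_symlinks=False):
                    stack.append(e.path)
                elif e.is_file(follow_symlinks=False):
                    os.unlink(e.path)
                    deleted.append(e.path)
    return deleted, flagged

def demo():
    """Constructed layout: a cache directory with one temp file and one
    link pointing at a directory outside the cache."""
    base = os.path.realpath(tempfile.mkdtemp())
    cache, outside = os.path.join(base, "cache"), os.path.join(base, "outside")
    os.makedirs(cache); os.makedirs(outside)
    open(os.path.join(cache, "a.tmp"), "w").close()
    keep = os.path.join(outside, "important.cfg")
    open(keep, "w").close()
    os.symlink(outside, os.path.join(cache, "link"), target_is_directory=True)
    deleted, flagged = clean_tree(cache)
    return [os.path.basename(p) for p in deleted], flagged, os.path.exists(keep)

if __name__ == "__main__":
    print(demo())
```

A check followed by a path-based operation can still race if another user can modify the directory while the walk runs, so this shows the validation logic rather than a race-free deletion primitive.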