Project Zero is Google's well-reputed security team that is tasked with finding security flaws in the company's own products as well as those developed by others. Discovered security bugs are privately reported to vendors after which they are allotted 90 days to patch them. If this deadline is exceeded, the security issue is made public, which serves as a way to apply more pressure on the vendor and also give customers a chance to secure themselves independently. In some complex cases, a grace extension period is also awarded. In the past, Google Project Zero has reported bugs in CentOS, libxslt, ChromeOS, and Windows. Now, the team has disclosed a security flaw in Insider versions of Windows 11.
In a highly technical report on the Project Zero issue tracker, security researcher James Forshaw describes an elevation of privilege (EoP) bug in Windows 11's Insider Preview releases. The issue lies in Administrator Protection, an upcoming Windows 11 capability that grants just-in-time elevated privileges only when needed, through Windows Hello and an isolated admin token. During his investigation, Forshaw found that Administrator Protection has a flaw that allows a low-privileged process to hijack a UI access process, which can in turn be used to gain administrator privileges. The researcher reported this vulnerability privately to Microsoft on August 8, which meant that the company had until November 6 to fix it. After receiving an extension to this deadline, the Redmond tech giant delivered a patch on November 12, thanking Forshaw for his contribution in CVE-2025-60718.
Although the matter was considered closed, Forshaw recently reopened the issue, stating that the patch is incomplete and does not fully mitigate the flaw. As a result, the security bug has been made public, following radio silence from Microsoft. While the flaw is now public knowledge, it is worth noting that it's not something you should be sitting in constant fear of. It is a local privilege escalation attack, which means that an attacker needs to have physical access to the PC in order to run arbitrary code and exploit it. Furthermore, Administrator Protection is only available on select Windows 11 Insider builds and needs to be enabled manually for it to take effect. As such, the pool of potentially affected customers is quite small at this point. That said, it is important that Microsoft further investigates Forshaw's findings and patches them ahead of the eventual general availability of Administrator Protection in Windows 11.
