Micropatches Released for Windows Installer Elevation of Privilege Vulnerability (CVE-2025-50173)

Micropatches Released for Windows Installer Elevation of Privilege Vulnerability (CVE-2025-50173)

SecurityVulns
Yanac

August 2025 Windows Updates brought a patch for CVE-2025-50173, a privilege escalation vulnerability in Windows Installer that could
allow a local low-privileged attacker to execute arbitrary code as Local
System user.This vulnerability is really an extension (or bypass, if you will), of CVE-2024-38014, which we had patched a year ago.  The Vulnerability The vulnerability was again in the “Repair” operation of Windows Installer, which has been patched many times in the past (see this article for context). Much like before, under certain conditions a non-admin user could perform the repair operation on an installed application and exploit the resulting elevated processes. Microsoft’s PatchMicrosoft’s patch changes the behavior of Windows Installer such that it requires elevation (i.e., admin credentials) when a repair operation is initiated. Our PatchOur patch is logically identical to Microsoft’s. Let’s see our patch in action. First, a low-privileged user initiates a repair operation on an already installed application that fulfills conditions for this vulnerability. Without 0patch, the repair operation concludes without a UAC (elevation) prompt. When the repair operation is attempted with 0patch enabled (and our patch for CVE-2025-50173 therefore applied), the user is required to provide administrative credentials.
  Micropatch AvailabilityMicropatches were written for the following security-adopted Windows versions:Windows 11 v21H2 – fully updatedWindows 10 v22H2 – fully updatedWindows 10 v21H2 – fully updatedWindows 10 v21H1 – fully updatedWindows 10 v20H2 – fully updatedWindows 10 v2004 – fully updatedWindows 10 v1909 – fully updatedWindows 10 v1809 – fully updatedWindows 10 v1803 – fully updatedWindows 7 – fully updated with no ESU, ESU 1, ESU 2 or ESU 3Windows Server 2008 R2 – fully updated with no ESU, ESU 1, ESU 2, ESU 3 or ESU 4Windows Server 2012 – fully updated with no ESU or ESU 1Windows Server 2012 R2 – fully updated with no ESU or ESU 1 Micropatches have already been distributed to, and applied on, all
affected online computers with 0patch Agent in PRO or Enterprise accounts (unless Enterprise group settings prevented that). Vulnerabilities like these get discovered on a regular basis, and
attackers know about them all. If you’re using Windows that aren’t
receiving official security updates anymore, 0patch will make sure these
vulnerabilities won’t be exploited on your computers – and you won’t
even have to know or care about these things. If you’re new to 0patch, create a free account
in 0patch Central,
start a free trial, then install and register 0patch Agent. Everything
else will happen automatically. No computer reboot will be needed.Did
you know 0patch security-adopted Windows 10 and Office 2016 and 2019 when they went out of
support this month, allowing you to keep using them for at least 3 more years (5 years for Windows 10)? Read more about it here and here. 
To learn more about 0patch, please visit our Help Center.  0patch BlogRead More