The Windows Projected File System is a feature that allows users to access files on their local machine from external devices. This vulnerability, CVE-2025-55233, allows an authorized attacker to elevate privileges locally by exploiting an out-of-bounds read in the Windows Projected File System.
You're affected if you use Out-of-bounds read. Specific version info not stated in the advisory.
Upgrade to Windows 11 or later versions.
- For immediate mitigations:
- Disable the Windows Projected File System feature: Go to Settings > System > Display > Projected window settings and toggle off "Projected window".
- Restrict access to your local machine using a firewall or network segmentation.