Windows Projected File System Privilege Escalation

HIGH (7.8)

Threat Intelligence

Low Risk
EPSS Score: 0.08% chance of exploitation (percentile: 24%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Windows Projected File System is a feature that allows users to access files on their local machine from a remote desktop session. This vulnerability, CVE-2025-62467, allows an authorized attacker to elevate privileges locally by exploiting an integer overflow or wraparound in the Windows Projected File System.

Am I affected?

You're affected if you run a Windows system whose Projected File System contains this integer overflow or wraparound. Specific version information is not stated in the advisory.

How to fix

  1. Apply the security update from Microsoft Security Response Center (https://www.microsoft.com/en-us/safety/online-attack-center/update.aspx).
  2. Immediately disable the Projected File System feature in your remote desktop settings.

References