Summary: A security researcher has released a proof-of-concept exploit for CVE-2025-21333, a significant zero-day vulnerability in Windows Hyper-V that allows attackers to gain SYSTEM privileges. Microsoft has patched this flaw in the January 2025 Patch Tuesday update, but the PoC demonstrates sophisticated exploitation techniques. Users are urged to apply the latest security updates to protect against potential attacks leveraging this vulnerability.
Affected: Windows Hyper-V
Keypoints :
- The vulnerability has a CVSS score of 7.8, indicating high severity.
- The PoC exploits the vkrnlintvsp.sys driver through a technique that allows for arbitrary read/write capabilities in the Windows kernel.
- Successful testing of the exploit was conducted on Windows 11 23H2, and significant risks persist without timely patching.
Source: https://securityonline.info/windows-hyper-v-zero-day-cve-2025-21333-poc-drops-system-access-exposed/