Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges

Microsoft has addressed a critical vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) in the February 2025 Patch Tuesday security updates. The Microsoft Security Response Center website has more information about the patch and the other vulnerabilities addressed. Microsoft’s February 2025 Patch Tuesday addressed 67 vulnerabilities, including three critical and 53 essential severity vulnerabilities. The updates include patches for vulnerabilities in Microsoft Streaming Service, Windows LDAP, Windows NTLM, Windows DHCP Server, Microsoft Edge (Chromium-based), and Microsoft PC Manager. In its February 2025 Patch Tuesday release, Microsoft addressed this vulnerability. The patch includes fixes for 55 security flaws, among them four zero-day vulnerabilities, two of which are currently being exploited in the wild. The vulnerability was reported anonymously to Microsoft, and a security researcher subsequently published a proof-of-concept (PoC) exploit on GitHub. The types of vulnerabilities fixed include Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, and Remote Code Execution (RCE). The PoC exploit demonstrates DLL sideloading with cleanmgr.exe. DLL sideloading is a technique that enables an attacker to execute malicious code from within legitimate Windows binaries. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Feb 2025 04:15:10 +0000

Cyber News related to Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges

Windows 10 KB5034441 security update fails with 0x80070643 errors - Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. Windows 10 creates a recovery partition, usually around ...
1 year ago Bleepingcomputer.com

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
6 months ago Unit42.paloaltonetworks.com

CVE-2024-51758 - Filament is a collection of full-stack components for accelerated Laravel development. All Filament features that interact with storage use the `default_filesystem_disk` config option. This allows the user to easily swap their storage driver to ...
5 months ago Tenable.com

10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
2 weeks ago Cybersecuritynews.com

Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com

Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
3 weeks ago Cybersecuritynews.com

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
10 months ago Securityaffairs.com

CVE-2022-49338 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules CT cleanup assumes that all tc rules were deleted first, and so is free to delete the CT shared resources (e.g the ...
1 month ago Tenable.com

New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
10 months ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109

10 Best IT Asset Management Tools - 2025 - What is Good?What Could Be Better?Atera can seamlessly service and monitor Linux, Mac, and Windows systems.Sometimes, when deploying an update, patch management will fail.Using an administrator terminal, keep an eye on IT asset activity remotely.The ...
2 weeks ago Cybersecuritynews.com

Microsoft tests new Windows 11 tool to remotely fix boot crashes - Microsoft has begun testing a new Windows 11 tool called Quick Machine Recovery, which is designed to remotely deploy fixes for buggy drivers and configurations that prevent the operating system from starting. When enabled and a new driver or ...
3 weeks ago Bleepingcomputer.com

Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges - Microsoft has addressed a critical vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) in the February 2025 Patch Tuesday security updates. The Microsoft Security Response Center website has more information about the patch and the other ...
2 months ago Cybersecuritynews.com

CVE-2023-52792 - In the Linux kernel, the following vulnerability has been resolved: cxl/region: Do not try to cleanup after cxl_region_setup_targets() fails Commit 5e42bcbc3fef ("cxl/region: decrement ->nr_targets on error in cxl_region_attach()") tried to avoid ...
11 months ago Tenable.com

Top 10 Best Active Directory Management Tools in 2025 - SolarWinds Access Rights Manager (ARM) is a robust Active Directory management tool designed to enhance security and simplify user permissions management. Dameware Remote Everywhere (DRE) is a powerful Active Directory management tool that provides ...
2 weeks ago Cybersecuritynews.com

Microsoft fixes Windows zero-day exploited in QakBot malware attacks - Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the ...
11 months ago Bleepingcomputer.com CVE-2024-30051 CVE-2023-36033 RansomEXX Black Basta

North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
11 months ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian

CVE-2025-21739 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

CVE Prioritizer: Open-source tool to prioritize vulnerability patching - CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA's KEV catalog to offer insights into the probability of exploitation and the potential effects of ...
1 year ago Helpnetsecurity.com

Best Paid and Free OSINT Tools for 2024 - Open Source Intelligence tools are software applications or platforms used to collect, analyze, and interpret publicly available information from various online sources, aiding in investigations, research, and intelligence gathering. These OSINT ...
1 year ago Hackread.com

Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
2 years ago Bleepingcomputer.com

Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
10 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian

CVE-2024-42243 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago

Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 Akira

Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
11 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian

Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges

Cyber News related to Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)