Microsoft Windows Elevation of Privilege Vulnerability in Capability Access Management Service

A race condition vulnerability has been identified in the Capability Access Management Service (camsvc) on Microsoft Windows. This vulnerability allows an authorized attacker to locally elevate privileges. The issue arises from concurrent execution using shared resources without proper synchronization, creating a race condition that can be exploited to gain higher privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM privileges.

Remediation

Users can apply the security update KB5074109 to address this vulnerability. This security update is available through the Microsoft Update Catalog. For Windows 11 versions 24H2 and 25H2, both x64-based and ARM64-based systems, the update is also available via the Microsoft Update Catalog. Windows Server 2025 users can download the security update KB5074109 from the Microsoft Update Catalog.