Microsoft PC Manager: Critical vulnerability allows privilege escalation

The PC optimization software Microsoft PC Manager contained a security vulnerability that allowed attackers to elevate their privileges over the network.


The PC cleaning software Microsoft PC Manager is not yet officially available in our part of the world, but already has a critical security vulnerability. However, Microsoft claims to have already closed it.

The computer optimization software from Microsoft promises easy access to operating system functions for cleaning up and optimizing the computer, along with some other cleaning functions. Unlike commercially available optimization tools, it is not supposed to negatively affect the operation of Windows and the software. However, Microsoft has now published a security announcement that casts some doubt on this promise.

"Insufficient authorization in Microsoft PC Manager allows unauthorized attackers to elevate their privileges over the network," the developers write, as succinctly as cryptically. It remains completely unclear where this authorization takes place (or does not) and what abuse could look like; it is therefore also not possible to deduce how abuse could be detected (CVE-2025-53795 / EUVD-2025-25500, CVSS 9.1, risk "critical").

Microsoft does not provide any instructions on how those affected can protect themselves against the vulnerability. The company explains: "The vulnerability has already been completely fixed by Microsoft. Users of this service do not need to take any action. This notification is for transparency purposes only".


It therefore remains unclear which versions are affected. However, a link to a document about vulnerability entries for cloud services indicates that this is a function that Microsoft was able to correct on the server side.


The tool can be installed from the command line by running "winget install Microsoft.PCManager.Beta -s winget". This also triggers a search for updates for software that is already installed. However, winget is currently unable to find any updates, as it recognizes version 3.10.4.0 of Microsoft's PC Manager as the latest version.

The optimization software is set to become an integral part of Windows 11 in the future. The Microsoft PC Manager website itself still only offers the software in the USA and China.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.