![Apple to Split Enterprise and Western Europe Roles as VP Exits [Report]](https://www.iclarified.com/images/news/97032/97032/97032-640.jpg)
![Nanoleaf Announces New Pegboard Desk Dock With Dual-Sided Lighting [Video]](https://www.iclarified.com/images/news/97030/97030/97030-640.jpg)
![Apple's Foldable iPhone May Cost Between $2100 and $2300 [Rumor]](https://www.iclarified.com/images/news/97028/97028/97028-640.jpg)
![Alleged Pixel 10 series wallpapers leak with vibrant colors and a strange new theme [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/04/pixel-10-wallpaper-leak-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=tracking}
.webp?#)
![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds
A critical vulnerability in Windows 11 allowed attackers to escalate from a low-privileged user to full system administrator rights in just 300 milliseconds. The vulnerability, tracked as CVE-2025-24076, exploits a weakness in Windows 11’s “Mobile devices” feature through a sophisticated DLL hijacking technique. The security flaw, discovered in September 2024 and publicly disclosed on April […] The post Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds appeared first on Cyber Security News.
A critical vulnerability in Windows 11 allowed attackers to escalate from a low-privileged user to full system administrator rights in just 300 milliseconds.
The vulnerability, tracked as CVE-2025-24076, exploits a weakness in Windows 11’s “Mobile devices” feature through a sophisticated DLL hijacking technique.
The security flaw, discovered in September 2024 and publicly disclosed on April 15, 2025, targets a DLL file loaded by Windows 11’s camera functionality.
Researchers found that the file CrossDevice.Streaming.Source.dll, located in the user-modifiable %PROGRAMDATA%\CrossDevice\ directory, is loaded first by a regular user process and then by a high-privileged system process.
“This vulnerability represents a classic DLL hijacking scenario with a challenging timing element,” John Ostrowski of Compass Security said to Cyber Security News. “The window of opportunity is incredibly small just 300 milliseconds, but we developed techniques to make exploitation reliable.”
Windows 11 Privilege Escalation Vulnerability
The exploitation involves multiple technical challenges. Initial automated scans using the PrivescCheck tool revealed that unprivileged users had modification rights to the COM server module file:
To overcome the narrow time window, researchers employed Opportunistic Locks to halt program execution at the precise moment needed.
Using Microsoft’s Detours library, they intercepted Windows API calls specifically targeting GetFileVersionInfoExW to identify when the file could be replaced reliably.
The researchers created a malicious DLL that maintains the expected functionality while adding unauthorized commands:
This code executes with SYSTEM privileges when loaded by the high-privileged process. To ensure the replaced DLL maintained functionality, researchers implemented a proxy that forwards function calls to the original DLL:
Mitigations
The vulnerability affects Windows 11 systems with the “Mobile devices” feature, which allows users to link their phones to use the phone’s camera as a webcam. Microsoft released a patch in their March 2025 security updates.
This discovery highlights the importance of tight file access controls and signature verification in privileged processes.
Endpoint Detection and Response (EDR) solutions could detect such attacks through behavioral monitoring, even before available patches.
“While keeping your system up to date is crucial, there are additional steps you can take to safeguard your machine,” researchers said. “By using an EDR solution, you can proactively detect unusual behavior and identify irregular activity.”
Microsoft has assigned CVE-2025-24076 to the primary system-level privilege escalation and CVE-2025-24994 to a related user-to-user attack vector within the same functionality.
Users are strongly encouraged to apply the latest Windows security updates to mitigate these vulnerabilities.
The exploit demonstrates how even modern operating systems can be vulnerable to long-established attack techniques when implemented in new features, especially when skilled attackers leverage timing and race conditions.
Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy
The post Windows 11 Escalation Vulnerability Let Attackers Gain Admin Access Within 300 Milliseconds appeared first on Cyber Security News.
