CVE-2025-60708 is a vulnerability classified under CWE-822 (Untrusted Pointer Dereference) found in the Storvsp.sys driver component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). This driver handles storage virtualization services, and the flaw arises when the driver dereferences a pointer that has not been properly validated or sanitized. An authorized attacker with local privileges can exploit this flaw by supplying crafted input or manipulating the driver to dereference an invalid or malicious pointer. This results in a denial of service condition by causing the system to crash or become unstable, impacting system availability. The vulnerability requires local access and privileges but does not require user interaction, making it a relatively straightforward attack for insiders or malware with local execution capabilities. The CVSS v3.1 score is 6.5 (medium severity), reflecting the limited impact on confidentiality and integrity but significant impact on availability. The scope is changed (S:C), indicating that the vulnerability affects components beyond the initially vulnerable driver, potentially impacting the entire system's stability. No public exploits or patches are currently available, but the vulnerability has been officially published and reserved by Microsoft. Organizations still running Windows 10 Version 1809 should consider this a risk for local denial of service attacks, especially in environments where system uptime is critical.

For European organizations, the primary impact is on system availability due to potential denial of service attacks. This can disrupt business operations, especially in sectors relying on legacy Windows 10 Version 1809 systems such as manufacturing, healthcare, and critical infrastructure. Although the vulnerability does not compromise data confidentiality or integrity, repeated or targeted exploitation could lead to operational downtime, loss of productivity, and increased support costs. In environments with shared or multi-user systems, malicious insiders or compromised local accounts could exploit this vulnerability to disrupt services. The lack of public exploits reduces immediate risk, but the absence of patches means the vulnerability remains a latent threat. Organizations with strict uptime requirements or those running legacy systems without regular updates are particularly vulnerable. Additionally, the vulnerability could be leveraged as part of a multi-stage attack to weaken system defenses or delay incident response.

1. Upgrade affected systems to a supported and patched version of Windows, preferably Windows 10 versions later than 1809 or Windows 11, as Microsoft no longer supports 1809 with security updates. 2. Restrict local administrative and user privileges to minimize the number of accounts that can exploit this vulnerability. 3. Implement strict access controls and monitoring on systems running Windows 10 Version 1809 to detect abnormal crashes or system instability indicative of exploitation attempts. 4. Use endpoint detection and response (EDR) tools to monitor for suspicious driver interactions or local privilege misuse. 5. Isolate legacy systems in segmented network zones to limit potential lateral movement or impact of denial of service conditions. 6. Prepare incident response plans that include recovery procedures for denial of service scenarios caused by driver crashes. 7. Regularly audit and inventory systems to identify any remaining Windows 10 Version 1809 deployments and prioritize their upgrade or replacement. 8. Engage with Microsoft support or security advisories for updates or patches addressing this vulnerability once available.