CVE-2025-64673 is a vulnerability classified under CWE-284 (Improper Access Control) found in the Storvsp.sys driver component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The flaw allows an attacker with authorized local access to escalate privileges by exploiting insufficient access control mechanisms within the driver. Specifically, the Storvsp.sys driver fails to properly enforce security checks on operations that can be manipulated by a local user with limited privileges, enabling them to gain elevated system privileges. The vulnerability does not require user interaction and has a low attack complexity, meaning an attacker with local access can reliably exploit it without needing additional conditions. The CVSS v3.1 base score is 7.8, indicating high severity, with impacts rated as high on confidentiality, integrity, and availability. The scope remains unchanged (U), meaning the vulnerability affects only the local system context. No public exploits or proof-of-concept code are known at this time, but the vulnerability is publicly disclosed and should be considered a significant risk. The affected product is specifically Windows 10 Version 1809, which remains in use in various enterprise environments despite being an older release. The vulnerability's exploitation could allow attackers to bypass security controls, install persistent malware, or disrupt system operations.

For European organizations, this vulnerability poses a significant risk due to the potential for local attackers to gain elevated privileges, which can lead to full system compromise. Confidentiality breaches could expose sensitive corporate or personal data, while integrity violations might allow attackers to alter critical system files or configurations. Availability impacts could result from attackers disabling security services or causing system instability. Organizations in sectors such as finance, healthcare, government, and critical infrastructure are particularly vulnerable due to the sensitive nature of their data and operations. Since the vulnerability requires local access, insider threats or attackers who have already compromised user accounts pose the greatest risk. The presence of unpatched Windows 10 Version 1809 systems in European enterprises increases the attack surface. Additionally, the lack of known exploits currently may lead to complacency, but the vulnerability could be weaponized in targeted attacks or combined with other exploits for broader compromise.

1. Apply security updates from Microsoft as soon as they become available for Windows 10 Version 1809. Although no patch links are currently provided, organizations should monitor official Microsoft channels for updates. 2. Restrict local access to systems running the affected Windows version by enforcing strict access controls, including limiting administrative privileges and using endpoint protection solutions. 3. Employ application whitelisting and behavior monitoring to detect unusual privilege escalation attempts. 4. Conduct regular audits of user accounts and permissions to minimize the number of users with local access rights. 5. Consider upgrading affected systems to a supported and fully patched Windows version to reduce exposure to legacy vulnerabilities. 6. Implement network segmentation to limit the ability of attackers to move laterally if local privilege escalation occurs. 7. Educate IT staff and users about the risks of local privilege escalation vulnerabilities and the importance of reporting suspicious activity promptly.