CVE-2025-55680, a vulnerability discovered in March 2024, lets attackers escalate privileges and create arbitrary files through a time-of-check to time-of-use (TOCTOU) race condition in the Windows Cloud Files Minifilter driver. The flaw was patched in the October 2025 Patch Tuesday updates and carries a CVSS score of 7.8. Security experts indicate that although there has been no confirmed exploitation in the wild, the simplicity of the vulnerability presents a significant risk to systems using the driver.
The Cloud Files Minifilter is integral to features such as OneDrive’s Files On-Demand, managing file synchronization between local systems and cloud storage. The vulnerability lies in the function responsible for file placeholder creation, which leaves a narrow timing window that attackers can exploit. By altering memory buffers during file creation calls, malicious actors can bypass protections and gain SYSTEM-level access, resulting in the ability to execute kernel-mode code. Microsoft recommends immediate patching and advises enterprises to audit their OneDrive configurations and enforce security policies to mitigate such risks as reliance on cloud services increases.
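The check-then-use pattern behind this class of bug, next to the capture-once form that closes the window, as an added user-mode sketch that is not Microsoft's driver code. The function names, the path-separator rule and the hook that stands in for a second thread are all hypothetical, and the sample name is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64

/* Assumed rule for illustration: the name must be a single path component. */
static bool name_is_safe(const char *n) {
    return strchr(n, '\\') == NULL && strchr(n, '/') == NULL;
}

/* Stand-in for a second thread rewriting the caller-owned buffer. */
typedef void (*race_hook)(char *shared);
static void swap_in_separator(char *shared) { shared[4] = '\\'; }

/* Weak: checks the shared buffer, then fetches it a second time to use it. */
static bool create_double_fetch(char *shared, race_hook hook, char *used) {
    if (!name_is_safe(shared)) return false;   /* time of check */
    if (hook) hook(shared);                    /* window between check and use */
    strncpy(used, shared, NAME_LEN - 1);       /* time of use: second fetch */
    used[NAME_LEN - 1] = '\0';
    return true;
}

/* Hardened: one fetch into private storage; check and use that copy only. */
static bool create_captured(char *shared, race_hook hook, char *used) {
    char local[NAME_LEN];
    strncpy(local, shared, NAME_LEN - 1);      /* single capture */
    local[NAME_LEN - 1] = '\0';
    if (!name_is_safe(local)) return false;    /* validate the copy */
    if (hook) hook(shared);                    /* later writes no longer matter */
    memcpy(used, local, NAME_LEN);             /* use the same bytes that were checked */
    return true;
}

/* Constructed demo: true if a name that fails the check still reached "use". */
static bool unsafe_name_used(bool hardened) {
    char shared[NAME_LEN] = "docs_report.txt";
    char used[NAME_LEN] = "";
    bool ok = hardened ? create_captured(shared, swap_in_separator, used)
                       : create_double_fetch(shared, swap_in_separator, used);
    return ok && !name_is_safe(used);
}

int main(void) {
    printf("double fetch used unsafe name: %d\n", unsafe_name_used(false));
    printf("captured copy used unsafe name: %d\n", unsafe_name_used(true));
    return 0;
}
```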
👉 Read the original: Cyber Security News