CVE-2025-59199 – Windows Software Protection Platform (SPP)
“When access controls fail, even a limited foothold can become a stepping stone toward greater control of the system.”
Microsoft Software Protection Platform (SPP) contains an elevation of privilege vulnerability caused by improper access control. An authorized attacker with low privileges could exploit the vulnerability locally to elevate privileges from a low integrity level to a medium integrity level. While the issue does not provide full administrative or SYSTEM access, it can enable attackers to bypass intended security boundaries and increase their ability to perform unauthorized actions on the affected system.
CVSS Score: 7.8
SEVERITY: Important
THREAT:
This vulnerability allows a locally authenticated attacker to gain higher privileges than originally assigned. By exploiting weaknesses in access control enforcement, an attacker may bypass security restrictions and gain access to resources or operations that should be unavailable to their current privilege level. Such privilege escalation vulnerabilities are often used as part of a broader attack chain following an initial compromise.
EXPLOITS:
Microsoft reports that the vulnerability is not publicly disclosed and not currently exploited. No public proof-of-concept (PoC) exploit code has been confirmed. However, Microsoft assesses the vulnerability as Exploitation More Likely, indicating a higher possibility of future exploitation compared to many other vulnerabilities.
TECHNICAL SUMMARY:
The vulnerability is associated with CWE-284: Improper Access Control. Software Protection Platform (SPP) does not properly enforce access restrictions in certain scenarios, allowing an authorized attacker with low privileges to elevate their access level locally. Successful exploitation could allow an attacker to move from a low integrity level to a medium integrity level, increasing access to system resources and enabling further malicious activity. The attack requires local access, low privileges, and no user interaction.
EXPLOITABILITY:
Affected software includes Software Protection Platform (SPP) on supported Microsoft Windows systems, including Windows 10 and 11 and Windows Server 2019, 2022 and 2025. Exploitation requires local access and a low-privileged account. No user interaction is required, and attack complexity is low, making exploitation relatively straightforward once access to the system has been obtained.
BUSINESS IMPACT:
Although the vulnerability does not directly provide administrative or SYSTEM privileges, it can help attackers strengthen their position within a compromised environment. Elevated privileges can enable access to additional resources, facilitate credential theft attempts, bypass security controls, or support further privilege escalation activities. Organizations should view this vulnerability as a potential enabler within larger attack chains.
WORKAROUND:
If immediate patching is not possible:
- Restrict local access to trusted users only.
- Apply the principle of least privilege across user accounts.
- Monitor for unusual privilege escalation activity.
- Review endpoint security controls and application allow-listing policies.
- Deploy the official Microsoft security update as soon as practical.
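One way to act on the "monitor for unusual privilege escalation activity" item, added here as an example and not taken from Microsoft's advisory: the Python below correlates process-creation records (Sysmon Event ID 1 field names; the sample events, GUIDs and paths are constructed) and reports any child process that runs above a Low-integrity parent. It is a generic heuristic for the low-to-medium transition described above, not a signature for this CVE.

```python
# Added example. Field names follow Sysmon Event ID 1 (process creation);
# every event, GUID and path below is constructed for illustration.
LEVELS = {"Untrusted": 0, "Low": 1, "Medium": 2, "High": 3, "System": 4}

SAMPLE_EVENTS = [
    {"UtcTime": "2025-01-01 09:00:00.000", "ProcessGuid": "{0001}", "ParentProcessGuid": "{0000}",
     "Image": r"C:\Example\shell.exe", "IntegrityLevel": "Medium"},
    {"UtcTime": "2025-01-01 09:00:05.000", "ProcessGuid": "{0002}", "ParentProcessGuid": "{0001}",
     "Image": r"C:\Example\sandboxed.exe", "IntegrityLevel": "Low"},
    {"UtcTime": "2025-01-01 09:00:09.000", "ProcessGuid": "{0003}", "ParentProcessGuid": "{0002}",
     "Image": r"C:\Example\helper.exe", "IntegrityLevel": "Low"},
    {"UtcTime": "2025-01-01 09:00:12.000", "ProcessGuid": "{0004}", "ParentProcessGuid": "{0002}",
     "Image": r"C:\Example\tool.exe", "IntegrityLevel": "Medium"},
    {"UtcTime": "2025-01-01 09:00:20.000", "ProcessGuid": "{0005}", "ParentProcessGuid": "{0001}",
     "Image": r"C:\Example\installer.exe", "IntegrityLevel": "High"},
]


def find_integrity_jumps(events, parent_level="Low"):
    """Return (parent, child) event pairs where a process running at
    parent_level created a child that runs at a higher integrity level."""
    floor = LEVELS[parent_level]
    seen = {}       # ProcessGuid -> creation event of that process
    findings = []
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        parent = seen.get(ev["ParentProcessGuid"])
        rank = LEVELS.get(ev["IntegrityLevel"])   # None for values we do not rank
        if parent and rank is not None:
            if parent["IntegrityLevel"] == parent_level and rank > floor:
                findings.append((parent, ev))
        seen[ev["ProcessGuid"]] = ev
    return findings


if __name__ == "__main__":
    for parent, child in find_integrity_jumps(SAMPLE_EVENTS):
        print(f'{child["UtcTime"]} {parent["Image"]} ({parent["IntegrityLevel"]}) -> '
              f'{child["Image"]} ({child["IntegrityLevel"]})')
```

A parent created before the start of the log window cannot be resolved, so the input should cover a period long enough to include the parent's own creation event.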
Key Details
- Affected Product: Microsoft Windows 10 1809
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- CWE Classification: CWE-284