
CVE-2025-48799 PoC — Windows Update Service Elevation of Privilege Vulnerability

Source
Associated Vulnerability
Title: Windows Update Service Elevation of Privilege Vulnerability (CVE-2025-48799)
Description: Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.
Readme
# Description
This is a PoC for CVE-2025-48799, an elevation of privilege vulnerability in the Windows Update service.

This vulnerability affects Windows clients (Windows 11/Windows 10) with at least two hard drives. When a machine has multiple hard drives, Storage Sense can be used to change the location where new content is saved. If the location for new applications is changed to a secondary drive, then during the installation of a new application the wuauserv service performs an arbitrary folder deletion without checking for symbolic links (if a file is encountered, the service does check the final path using GetFinalPathNameByHandle), which leads to LPE.
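The root cause described above is a privileged routine that deletes a folder tree without checking for reparse points. The following PowerShell script is added here as an illustration of the guard such a routine should apply; it is not code from this PoC or from the Windows Update service, and every function and parameter name in it is an assumption chosen for the example. It refuses to delete when the folder itself, or anything beneath it, is a symbolic link, junction or mount point, never descends through a reparse point while walking, and builds a constructed scratch tree containing a junction to show the refusal.

```powershell
# Added example: a cleanup routine that refuses to follow links. Not code from the
# PoC or from the Windows Update service; function and parameter names are assumptions.

function Find-ReparsePoint {
    # Walk $Root iteratively and collect every entry whose attributes include
    # ReparsePoint (symbolic link, directory junction, volume mount point).
    # A directory that is a reparse point is recorded but never descended into,
    # so the walk cannot be redirected to another location on disk.
    param([Parameter(Mandatory)][string]$Root)

    $found = [System.Collections.Generic.List[string]]::new()
    $stack = [System.Collections.Generic.Stack[string]]::new()
    $stack.Push($Root)

    while ($stack.Count -gt 0) {
        $dir = $stack.Pop()
        foreach ($entry in Get-ChildItem -LiteralPath $dir -Force) {
            if (($entry.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0) {
                $found.Add($entry.FullName)
                continue
            }
            if ($entry.PSIsContainer) { $stack.Push($entry.FullName) }
        }
    }
    return ,$found
}

function Remove-DirectoryNoFollow {
    # Delete $Root recursively only when neither $Root itself nor anything beneath
    # it is a reparse point. A privileged service that skips this check can be made
    # to delete whichever directory the creator of the link pointed it at.
    param([Parameter(Mandatory)][string]$Root)

    $rootItem = Get-Item -LiteralPath $Root -Force
    if (($rootItem.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0) {
        throw "Refusing to delete '$Root': the directory itself is a reparse point"
    }
    $links = Find-ReparsePoint -Root $Root
    if ($links.Count -gt 0) {
        throw "Refusing to delete '$Root': reparse points present:`n  $($links -join "`n  ")"
    }
    Remove-Item -LiteralPath $Root -Recurse -Force
}

# Constructed demonstration: a scratch tree with a junction planted inside it.
# New-Item -ItemType Junction does not require administrator rights on Windows.
$scratch = Join-Path $env:TEMP ("nofollow-demo-" + [guid]::NewGuid())
$target  = Join-Path $scratch 'target'          # stands in for a directory that must survive
$victim  = Join-Path $scratch 'to-be-cleaned'
New-Item -ItemType Directory -Path $target, (Join-Path $victim 'sub') -Force | Out-Null
Set-Content -LiteralPath (Join-Path $target 'keep.txt') -Value 'must survive'
New-Item -ItemType Junction -Path (Join-Path $victim 'sub\link') -Target $target | Out-Null

try {
    Remove-DirectoryNoFollow -Root $victim   # throws: junction found under sub\
} catch {
    Write-Host "Blocked: $($_.Exception.Message)"
}
Write-Host "target still present: $(Test-Path -LiteralPath (Join-Path $target 'keep.txt'))"

# Clean up: DirectoryInfo.Delete() on a junction removes only the link, not $target;
# then drop the scratch tree.
(Get-Item -LiteralPath (Join-Path $victim 'sub\link') -Force).Delete()
Remove-Item -LiteralPath $scratch -Recurse -Force
```

A path-based check followed by a deletion, as in this script, still leaves a window between the check and the delete in which a link could appear, so it illustrates the property to enforce rather than the final implementation. In native code the equivalent guard is to open each entry with FILE_FLAG_OPEN_REPARSE_POINT so that the handle refers to the link itself rather than its target, confirm the resolved path with GetFinalPathNameByHandle, and delete through that handle; this is the same per-handle check the README notes the service already performs for files but not for folders.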

This PoC utilises the method (and some code) described in the ZDI blog post: https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks

## PoC

https://github.com/user-attachments/assets/eb099fbb-299d-42c1-be60-7514207918c3

File Snapshot

[4.0K] /data/pocs/bba7fa14e027f7a34c0aac7a4365bd9b043d2004
├── [ 915] README.md
└── [4.0K] WinUpdateEoP
    ├── [558K] 5eeabb3.rbs
    ├── [4.0K] bin
    │   └── [1.0M] WinUpdateEoP.exe
    ├── [4.2K] def.h
    ├── [4.4K] FileOplock.cpp
    ├── [1.0K] FileOplock.h
    ├── [ 16K] FileOrFolderDelete.cpp
    ├── [ 10K] main.cpp
    ├── [184K] Msi_EoP.msi
    ├── [ 440] resource.aps
    ├── [ 300] resource.h
    ├── [2.1K] resource.rc
    ├── [1.4K] WinUpdateEoP.sln
    ├── [6.8K] WinUpdateEoP.vcxproj
    ├── [1.6K] WinUpdateEoP.vcxproj.filters
    └── [ 168] WinUpdateEoP.vcxproj.user

2 directories, 16 files