What did Google's Project Zero find about Microsoft's Windows 11 patch?

Google's Project Zero found that Microsoft's patch for CVE-2025-60718 in Windows 11 was incomplete and did not fully address the vulnerability.

Is the Windows 11 security flaw serious?

The vulnerability requires physical access and involves an opt-in feature, minimizing immediate risk, though it remains unpatched.

Why hasn't Microsoft fixed the Windows 11 Administrator Protection bug?

Microsoft has not responded to Google's detailed findings on the incomplete fix for the Administrator Protection feature, leaving it unaddressed.

Home / Technology / Microsoft Ignores Google's Fix for Windows Flaw

Microsoft Ignores Google's Fix for Windows Flaw

17 Dec

•

Summary

Microsoft's Windows 11 security fix for CVE-2025-60718 is incomplete.
Google's Project Zero reported the flaw and detailed issues with Microsoft's patch.
The vulnerability requires physical access and is on an opt-in feature.

Microsoft Ignores Google's Fix for Windows Flaw

Microsoft has yet to address a security flaw in Windows 11, CVE-2025-60718, despite Google's Project Zero detailing its incomplete patching.

Project Zero reported the vulnerability on November 12th and subsequently published a detailed analysis on November 19th, explaining why Microsoft's fix was problematic. The flaw in the Administrator Protection feature allows for privilege escalation but requires physical access to the machine.

Further analysis by Project Zero indicated the issue was not fully resolved, noting that Administrator Protection is an opt-in feature that was also disabled by a flag on tested Windows 11 machines. Microsoft has not responded to these findings as of November 20th.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.