Microsoft has patched a significant use-after-free vulnerability in its Brokering File System (BFS) driver, tracked as CVE-2025-29970.
The flaw enables local attackers to escalate privileges on Windows systems running isolated or sandboxed applications, making it a notable concern for enterprise security.
The vulnerability exists in bfs.sys, a minifilter driver developed alongside Windows AppContainer and AppSilo, Microsoft’s sandbox mechanisms for isolating Win32 applications.
| CVE ID | Vulnerability Type | Affected Component | Security Impact | CVSS Score | Affected Versions |
|---|---|---|---|---|---|
| CVE-2025-29970 | Use-After-Free (UAF) | Brokering File System (bfs.sys) | Local Privilege Escalation | 8.8 (High) | Windows 11, Server 2022+ |
BFS manages file, pipe, and registry operations from isolated applications, making it an attractive target for privilege escalation attacks.
Microsoft Brokering File System Vulnerability
The root cause is a memory-lifetime error in the teardown logic for BFS's DirectoryBlockList.
The vulnerable code frees the linked-list head while the same loop is still iterating over the remaining entries, a classic use-after-free: every later iteration touches memory that has already been returned to the pool.
This deallocation path runs when policy entries are removed through the IOCTL handled by BfsProcessDeletePolicyEntryRequest, so an attacker who can reach that handler can trigger the free on demand and then race to reclaim and manipulate the freed structures.

HT3Labs, the security research team that discovered the flaw, documented it against bfs.sys version 26100.4061.
Microsoft's patch moves the deallocation loop into a dedicated BfsCloseRootDirectory function, which frees the list head only after every entry has been processed.
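To make the root cause concrete, the following C program models the two teardown shapes described above: a head object released inside the loop that is still walking its entries, next to the patched shape in which a dedicated close routine frees the entries first and the head last. This is an added example, not code from bfs.sys or from the HT3Labs or PixiePoint write-ups; the type and function names (dir_block_t, dir_block_list_t, close_root_directory, the pool stand-ins) and the list layout are illustrative assumptions. The stand-in pool records freed pointers instead of recycling them, so the dangling accesses can be counted rather than crashing the process.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the CVE-2025-29970 teardown pattern (added example,
 * not bfs.sys code). Names and layout are illustrative assumptions. */

#define MAX_BLOCKS 8

typedef struct dir_block {
    struct dir_block *next;
    int id;
} dir_block_t;

typedef struct dir_block_list {
    dir_block_t *head;   /* first entry of the list */
    int count;           /* entries remaining; consulted during teardown */
} dir_block_list_t;

/* Stand-in for the kernel pool. Objects live in static storage and "freeing"
 * only records the pointer, so a dangling access can be counted instead of
 * faulting. A real pool recycles the memory, which is exactly what an
 * attacker's add/remove cycles try to provoke. */
static dir_block_t      block_pool[MAX_BLOCKS];
static dir_block_list_t list_pool;
static const void      *freed[MAX_BLOCKS + 1];
static int              nfreed;
static int              uaf_hits;   /* accesses to an already-freed head */

static void pool_free(const void *p) { freed[nfreed++] = p; }

static int is_freed(const void *p) {
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == p) return 1;
    return 0;
}

/* Every access to the list head goes through these two accessors so that a
 * use-after-free on the head becomes observable. */
static dir_block_t *list_first(dir_block_list_t *l) {
    if (is_freed(l)) uaf_hits++;
    return l->head;
}

static void list_dec_count(dir_block_list_t *l) {
    if (is_freed(l)) uaf_hits++;
    l->count--;
}

/* Builds a fresh list of n blocks (constructed input) and resets the
 * instrumentation. */
static dir_block_list_t *build_list(int n) {
    if (n > MAX_BLOCKS) n = MAX_BLOCKS;
    memset(block_pool, 0, sizeof block_pool);
    memset(&list_pool, 0, sizeof list_pool);
    nfreed = 0;
    uaf_hits = 0;
    for (int i = 0; i < n; i++) {
        block_pool[i].id = i;
        block_pool[i].next = (i + 1 < n) ? &block_pool[i + 1] : NULL;
    }
    list_pool.head = (n > 0) ? &block_pool[0] : NULL;
    list_pool.count = n;
    return &list_pool;
}

/* Vulnerable shape: the head object is released inside the loop, on the pass
 * that handles its first block, yet every later pass still reads it.
 * Returns how many times freed memory was touched. */
static int teardown_vulnerable(dir_block_list_t *list) {
    dir_block_t *b = list_first(list);
    while (b != NULL) {
        dir_block_t *next = b->next;
        if (b == list_first(list))
            pool_free(list);      /* BUG: head freed, loop not finished */
        pool_free(b);
        list_dec_count(list);     /* dangling from this point on */
        b = next;
    }
    return uaf_hits;
}

/* Patched shape: a dedicated close routine frees every entry while the head
 * is still live and releases the head only afterwards. */
static void close_root_directory(dir_block_list_t *list) {
    dir_block_t *b = list_first(list);
    while (b != NULL) {
        dir_block_t *next = b->next;
        pool_free(b);
        list_dec_count(list);     /* head still valid here */
        b = next;
    }
    pool_free(list);              /* last, after the final entry */
}

static int teardown_fixed(dir_block_list_t *list) {
    close_root_directory(list);
    return uaf_hits;
}

int main(void) {
    printf("vulnerable teardown: %d reads of the freed head\n",
           teardown_vulnerable(build_list(3)));
    printf("patched teardown:    %d reads of the freed head\n",
           teardown_fixed(build_list(3)));
    return 0;
}
```

With three entries the vulnerable walk touches the freed head five times (once on the first pass, twice on each later pass), while the patched walk never does. In the kernel those same accesses land on pool memory that the attacker's rapid add/remove cycles are trying to get reallocated under attacker control, which is why the bug is a privilege-escalation primitive rather than just a crash.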
Exploitation Requirements
Successful exploitation demands specific conditions: the attacker must impersonate a process holding an AppSilo-capable token, create policy entries in the system, and repeatedly trigger removal operations so that the freed allocation is reclaimed while BFS is still using it.
Testing showed that the BFS device can only be opened from a Medium Integrity Level process, so the attacker already needs code execution at that level; this limits the reach of the bug without eliminating the risk.
The attack sequence involves impersonating a low-box token, creating temporary files in the isolated application's directories, and running rapid IOCTL-driven add-remove cycles against the policy entries.
Immediate system crashes were not observed, owing to the pool's allocation patterns, but sustained exploitation reliably triggers bug check 0x00000050 (PAGE_FAULT_IN_NONPAGED_AREA) in bfs.sys.
This vulnerability poses a significant threat to systems that rely on Windows sandboxing, particularly enterprises that deploy isolated applications to reduce their attack surface.
Microsoft has released the fix; organizations should prioritize deploying it. Until the update is installed, security teams should watch for unusual IOCTL activity against the BFS device from medium-integrity processes and consider restricting untrusted application execution in sandboxed environments.
According to PixiePointSecurity, the finding shows that even specialized security drivers can suffer from subtle memory-management flaws, reinforcing the need for continuous security assessment of Windows kernel-mode components.
