Microsoft patches a critical flaw in PC Manager
Take action: If you're using Microsoft PC Manager, there isn't much you can do about this flaw. Apparently Microsoft already fixed it. But be aware of the existence of the flaw for your vendor risk evaluations. Also, update to the latest version 3.10.4.0, just in case.
Microsoft has patched a critical security vulnerability in PC Manager, a system optimization tool that is only officially available in parts of the world.
Microsoft PC Manager is a system optimization tool that promises easy access to operating system functions for cleaning up and optimizing computers, designed to avoid the negative effects on Windows operation that some commercial optimization tools may cause. The software is currently available primarily in the United States and China, with plans to become an integral part of Windows 11 in the future.
The current version appears to be 3.10.4.0, which can be installed via Windows Package Manager using the command "winget install Microsoft.PCManager.Beta -s winget".
The flaw is tracked as CVE-2025-53795 (CVSS score 9.1). It is an improper authorization vulnerability that allows unauthorized attackers to elevate privileges over a network.
Microsoft has not provided technical details about the exploit or said which versions of PC Manager were affected. Microsoft claims that it has already mitigated the vulnerability on the server side. The CVE was published for transparency purposes only.
Organizations using Microsoft PC Manager should ensure they are running the latest version and monitor Microsoft's official security communications for any additional guidance.