Windows | Finally Gets "Sudo" Powers | Windows Security Revolution


Microsoft just gave you a reason to take Windows security seriously if you were waiting for one. The November 2025 update cycle brought one of the biggest changes to the Windows operating system's architecture in more than ten years. It finally fixed a security hole that has been a problem since the Windows XP era.

While the tech world is buzzing about new Snapdragon processors and massive phone batteries this week, the real story is happening inside your System32 folder. Here is a deep dive into the new "Administrator Protection" feature, why it changes everything for IT professionals, and a roundup of the other critical tech news you might have missed this week.

Windows Finally Gets "Sudo" Powers

For years, Linux and macOS users have enjoyed a security model based on "Least Privilege." On those systems, even if you are an administrator, you are treated as a standard user until you explicitly invoke a command (like sudo).

Windows attempted this with User Account Control (UAC) back in the Vista days, but it was imperfect. The token system was often bypassable, and users frequently just clicked "Yes" without reading the dim screen prompt.

Enter "Administrator Protection"

  • Dormant State: When you log in, you are a "Standard User" with no admin rights. Your session is totally isolated from the system-managed admin account, which is asleep.
  • Just-In-Time (JIT) Elevation: Windows activates the hidden admin account when you attempt to install an application or modify a registry key.
  • Token Injection: The system injects a temporary admin token from the isolated account into the particular process you are attempting to run, rather than elevating your user.
  • Destruction: The token is destroyed as soon as that particular task (such as the installation) is completed.



Why This Is Important for Cybersecurity: This eliminates a whole class of malware attacks called "Privilege Escalation." Your session has no admin rights, so even if a hacker were to infect it with a Remote Access Trojan (RAT), they wouldn't be able to take over. The admin rights exist only within a particular task, and only for milliseconds before disappearing.

How to Enable It: For now, this feature is optional. To activate it:

  1. Go to Settings > Security & Privacy.
  2. Launch Windows Security.
  3. Locate the newly added Identity & Privileges tab.
  4. Turn on Administrator Protection. Note: In order to create the hidden isolated account, the system must be restarted.

Patch Tuesday in November: The Important Fixes

In addition to the new features, there were more than 60 active vulnerabilities fixed during the November 2025 Patch Tuesday. There are two CVEs (Common Vulnerabilities and Exposures) that system administrators must patch right away.

1. Windows Kernel Elevation of Privilege (CVE-2025-62215)

Hackers were taking advantage of this Zero-Day vulnerability before Microsoft released a patch. It makes it possible for an attacker with low-level access (like a guest user) to obtain SYSTEM privileges, thereby gaining complete control over the system.

  • Level of severity: critical
  • Status: Patched (make sure you are running at least build 22631.4460).
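The build check above can be scripted. The following PowerShell is an added example, not code from the article or from Microsoft: it compares a build.revision pair against the 22631.4460 threshold the article gives, reports any other build branch as Unknown because the article gives no threshold for it, and on a Windows host also shows whether the current shell carries an elevated token (the model described earlier expects False for a normal session). The function names and the inventory rows are constructed for illustration.

```powershell
# Added example. Threshold taken from the article: build 22631.4460.
$MinPatched = [pscustomobject]@{ Build = 22631; Revision = 4460 }

function Get-PatchStatus {
    param([int]$Build, [int]$Revision)
    # The article gives a threshold for one build branch only, so any other
    # branch is reported as Unknown instead of being compared numerically.
    if ($Build -ne $MinPatched.Build) { return 'Unknown' }
    if ($Revision -ge $MinPatched.Revision) { return 'Patched' }
    return 'Vulnerable'
}

function Get-LocalBuild {
    # CurrentBuildNumber and UBR together form the "build.revision" string.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{ Build = [int]$cv.CurrentBuildNumber; Revision = [int]$cv.UBR }
}

function Test-IsElevated {
    # True only when this process carries an administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Constructed inventory rows (hypothetical computer names), one per outcome.
$inventory = @(
    [pscustomobject]@{ Computer = 'WS-01'; Build = 22631; Revision = 4317 }
    [pscustomobject]@{ Computer = 'WS-02'; Build = 22631; Revision = 4460 }
    [pscustomobject]@{ Computer = 'WS-03'; Build = 26100; Revision = 2033 }
)
$inventory | ForEach-Object {
    [pscustomobject]@{
        Computer = $_.Computer
        Build    = '{0}.{1}' -f $_.Build, $_.Revision
        Status   = Get-PatchStatus -Build $_.Build -Revision $_.Revision
    }
} | Format-Table -AutoSize

# On a Windows host, also report the local machine and the current token.
if ($env:OS -eq 'Windows_NT') {
    $local = Get-LocalBuild
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Build    = '{0}.{1}' -f $local.Build, $local.Revision
        Status   = Get-PatchStatus -Build $local.Build -Revision $local.Revision
        Elevated = Test-IsElevated
    } | Format-List
}
```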

2. GDI+ Remote Code Execution (CVE-2025-60724)

Because it takes advantage of the Graphics Device Interface (GDI+), this one is especially nasty.

  • The Attack: An attacker could send you a specially crafted image file. Even just viewing the image in a preview pane has the potential to cause a buffer overflow and infect your computer with malicious code.
  • The Fix: GDI+'s memory allocation for bitmap images is altered by the patch.
