Microsoft DWM Core Library Privilege Escalation Vulnerability
Vulnerability
A heap-based buffer overflow vulnerability has been identified in the Windows DWM Core Library. This vulnerability allows an authorized attacker to elevate privileges locally. The issue affects multiple Windows products, including various versions of Windows 10, Windows 11, Windows Server 2016, Windows Server 2022, Windows Server 2019, and Windows Server 2025. The vulnerability arises from a heap-based buffer overflow, which could be exploited by an attacker to gain higher privileges, potentially reaching SYSTEM level.
Impact
Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain elevated rights on the affected system.
Remediation
Users can download the security update for this vulnerability through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5066835, KB5066836, KB5066791, KB5066780, KB5066586, and KB5066837.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.