Microsoft Windows Information Disclosure Vulnerability in Desktop Window Manager

A vulnerability allowing information disclosure has been identified in the Desktop Window Manager component of Microsoft Windows. This issue allows an authorized attacker to locally disclose sensitive information, specifically user-mode memory addresses, through a remote ALPC port.

Impact

Exploitation of this vulnerability could lead to unauthorized local information disclosure.

Remediation

Users can apply the security update KB5073724 for Windows 10, KB5073722 for Windows Server 2016, KB5073696 for Windows Server 2012 R2, and KB5073457 for Windows Server 2022. For Windows 11, the security update KB5074109 is available for versions 24H2 and 25H2, both for x64 and ARM64-based systems. Windows Server 2025 also has a security update available. Instructions for downloading these updates can be found on the Microsoft Update Catalog.