Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Microsoft Windows Desktop Window Manager Privilege Escalation Vulnerability
Vulnerability
A type confusion vulnerability has been identified in the Desktop Window Manager of Microsoft Windows. It allows an authorized attacker to elevate privileges locally. It affects multiple Windows versions, including various releases of Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022. The vulnerability arises from the improper handling of resources, which can lead to unauthorized access to, or modification of, system privileges.
Impact
Exploitation of this vulnerability allows an authorized user to gain elevated privileges, potentially leading to SYSTEM access.
Remediation
Users can apply the security update for their specific Windows version, which is available through the Microsoft Update Catalog. Updates can be downloaded there for Windows 10 versions 21H2, 22H2, and 1809, and for Windows 11 versions 23H2, 24H2, and 26H1. Windows Server users can also find the relevant security updates in the Microsoft Update Catalog.
