Microsoft has confirmed a important out-of-bounds vulnerability within the Desktop Window Supervisor (DWM) that enables native attackers to escalate privileges to SYSTEM on affected Home windows techniques.
The vulnerability, recognized as CVE-2025-55681, resides within the dwmcore.dll part and impacts Home windows 10, Home windows 11, and associated server editions worldwide.
ProductAffected VersionsWindows 10All versionsWindows 11All versionsWindows Server 2016All versionsWindows Server 2019All versionsWindows Server 2022All versionsWindows Server 2025All variations
Understanding the Vulnerability
The flaw exists throughout the CBrushRenderingGraphBuilder::AddEffectBrush perform within the DWM core library.
A important part liable for rendering visible results and managing graphics operations.
Attackers who achieve native entry to an affected system can exploit improper buffer dealing with to execute code with elevated privileges.
FieldDetailsCVE IDCVE-2025-55681Vulnerability TypeElevation of Privilege / Out of Bounds Reminiscence AccessComponentdwmcore.dll (Desktop Home windows Supervisor Core Library)Affected FunctionCBrushRenderingGraphBuilder::AddEffectBrushCVSS v3.1 Score7.8 (Excessive)CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The vulnerability requires no person interplay as soon as preliminary system entry is obtained.
Making it significantly harmful in enterprise environments the place a number of customers share techniques or the place distant entry options are deployed.
Safety researchers demonstrated the vulnerability in the course of the TyphoonPWN Home windows safety competitors, the place it achieved recognition for its exploitation reliability.
The vulnerability carries a CVSS v3.1 rating of seven.8, indicating excessive severity. An authenticated attacker with low-level person privileges can bypass safety controls and achieve unrestricted system entry.
Permitting set up of malware, modification of system configurations, or theft of delicate information. The exploit works most reliably on Home windows 11 techniques however stays practical on Home windows 10.
Although there’s diminished stability attributable to completely different heap reminiscence administration implementations in older Home windows variations. Microsoft has launched safety patches to handle this vulnerability as a part of its common safety updates.
In keeping with SSD-Disclosure studies, organizations ought to apply patches instantly to all affected Home windows techniques. Till patches are deployed, directors ought to prohibit alternatives for native code execution by implementing strict entry controls.
Turning off pointless providers and implementing the precept of least privilege throughout person accounts.
System directors are urged to prioritize deploying this important replace, given the extreme nature of the privilege escalation impression and the low complexity required for exploitation.
Comply with us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
