Windows Users Warned: A new Windows Desktop Vulnerability found.

#security #devops #news #hacking

Desktop Window Manager’s vulnerability:

Kaspersky researchers have found a zero-day vulnerability (CVE-2021-28310) in a Microsoft Windows component called Desktop Window Manager (DWM).

They said:

"The vulnerability our advanced exploit prevention technology discovered is an elevation of privilege vulnerability. That means a program can trick Desktop Window Manager into giving it access that it shouldn’t have. In this case, the vulnerability allowed the attackers to execute arbitrary code on victims’ machines — it essentially gave them full control over the computers."

CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using DirectComposition API.

How to get your pc safe:

Download this pc patch
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28310

Measure and Advance Your DevSecOps Maturity

In this white paper, we lay out a DevSecOps maturity model based on our experience helping thousands of organizations advance their DevSecOps practices. Learn the key competencies and practices across four distinct levels of maturity.

Get The White Paper