DEV Community

manish srivastava

Windows Users Warned: A New Windows Desktop Vulnerability Found

Desktop Window Manager’s vulnerability:

Kaspersky researchers have found a zero-day vulnerability (CVE-2021-28310) in a Microsoft Windows component called Desktop Window Manager (DWM).

They said:

"The vulnerability our advanced exploit prevention technology discovered is an elevation of privilege vulnerability. That means a program can trick Desktop Window Manager into giving it access that it shouldn’t have. In this case, the vulnerability allowed the attackers to execute arbitrary code on victims’ machines — it essentially gave them full control over the computers."

CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Due to the lack of bounds checking, attackers are able to create a situation that allows them to write controlled data at a controlled offset using the DirectComposition API.

How to keep your PC safe:

Download the patch for your PC:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28310
