Monday, May 12, 2025
HomeCVE/vulnerabilityCritical Zero-day Vulnerability in Desktop Window Manager (DWM) Let Attackers to Escalate...

Critical Zero-day Vulnerability in Desktop Window Manager (DWM) Let Attackers to Escalate Privilege

Published on

SIEM as a Service

Follow Us on Google News

The security firm, Kaspersky has recently issued a warning about a new critical zero-day vulnerability found by its researchers in the Desktop Window Manager (DWM).

The bug was accidentally found by the security researchers at Kaspersky in February of this year while they were studying another known flaw (CVE-2021-1732); this new problem was then referred to Microsoft and classified by code CVE-2021-28310.

Researchers claimed that this newly-discovered critical zero-day vulnerability, CVE-2021-28310 was abused in the wild by the attackers. This flaw is an Escalation of Privilege (EoP) which is detected in DWM (Desktop Window Manager)

- Advertisement - Google News

According to the report, this exploit was used in the wild by several threat actors. This is an Escalation of Privilege (EoP) that allows attackers to execute arbitrary code on the victim’s device.

Desktop Window Manager (DWM)

Desktop Window Manager (DWM) is an essential component of Windows responsible for rendering the windows that use the operating system.

The Desktop Window Manager composes the application windows screen before drawing it on your screen. This allows Windows to add effects like transparency and live taskbar thumbnails. So, this process is a vital part of Windows that you can’t prevent from running.

In short, the DWM (Desktop Window Manager) clutches all the necessary information from the buffer of each program and formulates the composite view of the overall interface that the user perceives.

Zero-day vulnerability in Desktop Window Manager (DWM)

The “CVE-2021-28310” is a privilege escalation bug, and abusing this flaw an attacker can easily evade the operating system’s user levelling systems and become an administrator to perform abstruser actions on the affected PC. 

So, in this case, the cybersecurity analysts of Kaspersky believe that the hacking groups that are specialized in targeted attacks were already actively abusing this bug along with other known weaknesses to hack into other user’s systems without being detected by security tools.

Mitigations

The security researchers at Kaspersky has recommended quick mitigations, and here they are mentioned below:-

  • Immediately install the patches released on April 13 by Microsoft on all the vulnerable systems to prevent threat actors from exploiting them.
  • Guard all of your devices with a robust endpoint security solution and patch management capabilities.
  • Implement an enterprise-grade security solution that identifies advanced network-layer threats early on.

Microsoft has already released security updates and patches to fix the flaw for several versions of Windows 10. So, here, users need to install them as soon as possible to defend against these types of vulnerabilities.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in...

Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges

Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple...

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in...