The Desktop Window Manager vulnerability:
Kaspersky researchers have found a zero-day vulnerability (CVE-2021-28310) in a Microsoft Windows component called Desktop Window Manager (DWM).
They said:
"The vulnerability our advanced exploit prevention technology discovered is an elevation of privilege vulnerability. That means a program can trick Desktop Window Manager into giving it access that it shouldn’t have. In this case, the vulnerability allowed the attackers to execute arbitrary code on victims’ machines — it essentially gave them full control over the computers."
CVE-2021-28310 is an out-of-bounds (OOB) write vulnerability in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe). Because bounds checking is missing, attackers can create a situation that allows them to write controlled data at a controlled offset using the DirectComposition API.
How to keep your PC safe:
Download the patch for your PC from Microsoft's advisory:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28310