Microsoft has addressed a critical vulnerability, CVE-2025-55681, in the Desktop Window Manager (DWM) affecting Windows 10, Windows 11, and the corresponding Windows Server releases.
Vulnerability Details
The vulnerability resides in the dwmcore.dll component and allows a local attacker to escalate privileges to SYSTEM on affected systems. It specifically affects the CBrushRenderingGraphBuilder::AddEffectBrush function, which is used for rendering visual effects. By triggering the improper memory handling in this code path, a local attacker can execute code with elevated privileges. The flaw carries a CVSS v3.1 score of 7.8, indicating high severity.
- Identified by: CVE-2025-55681
- Affected products: Windows 10, 11, Server 2016-2025
- Exploits: Reliable on Windows 11; moderately stable on Windows 10
- Demonstrated at: TyphoonPWN competition
Security Recommendations
Microsoft has released security updates to mitigate CVE-2025-55681. Organizations should prioritize installing these patches to secure their systems against potential privilege escalation. Additional measures include restricting local code execution, enforcing least privilege, and disabling unnecessary services until updates are fully deployed.
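Because the fix ships as a Windows update, the practical question for administrators is whether it has actually landed on each host. The following PowerShell script is an added example, not code from Microsoft or from the article: it reads the file version of dwmcore.dll on the local machine, compares it with a minimum version you supply, and lists the updates installed in a recent window so the relevant cumulative update can be confirmed. The default minimum version `0.0.0.0` and the function name `Get-DwmCorePatchStatus` are placeholders and assumptions; the real patched file version is not stated on this page and must be taken from the Microsoft update for CVE-2025-55681.

```powershell
# Added defender-side check (not from the advisory): report whether the DWM core
# library on this host is at or above an assumed patched file version and which
# updates were installed recently. The minimum version is a PLACEHOLDER; set it
# from the file version shipped in the Microsoft update for CVE-2025-55681.

param(
    [version]$MinimumDwmCoreVersion = '0.0.0.0',   # placeholder, replace with the patched build
    [int]$LookbackDays = 45
)

function Get-DwmCorePatchStatus {
    param([version]$MinimumVersion, [int]$Days)

    $dll = Join-Path $env:SystemRoot 'System32\dwmcore.dll'
    if (-not (Test-Path $dll)) {
        throw "dwmcore.dll not found at $dll"
    }

    $info = (Get-Item $dll).VersionInfo
    # Build a System.Version from the numeric fields so the comparison is
    # numeric rather than a string comparison on FileVersion.
    $current = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                              $info.FileBuildPart, $info.FilePrivatePart)

    # Updates installed within the lookback window, newest first. Once the
    # cumulative update containing the fix is applied, its KB appears here.
    # Some entries have no InstalledOn date; those are skipped.
    $since  = (Get-Date).AddDays(-$Days)
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $since } |
        Sort-Object InstalledOn -Descending |
        Select-Object HotFixID, Description, InstalledOn

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OSBuild            = [System.Environment]::OSVersion.Version.ToString()
        DwmCoreFileVersion = $current.ToString()
        MinimumVersion     = $MinimumVersion.ToString()
        MeetsMinimum       = ($current -ge $MinimumVersion)
        RecentUpdates      = $recent
    }
}

$status = Get-DwmCorePatchStatus -MinimumVersion $MinimumDwmCoreVersion -Days $LookbackDays
$status | Format-List

if (-not $status.MeetsMinimum) {
    Write-Warning "dwmcore.dll $($status.DwmCoreFileVersion) is below the assumed patched version; apply the latest cumulative update."
    exit 1
}
```

Reading the file version needs no elevation; Get-HotFix queries WMI and may need administrative rights on hardened hosts. To check a fleet, wrap the call in Invoke-Command against a list of computers and collect the returned objects, treating any host with MeetsMinimum set to False as outstanding.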
Immediate Actions Required
System administrators are urged to apply all security patches immediately and to put preventive controls in place so that local attackers cannot exploit this vulnerability in the meantime. The security updates are designed to prevent unauthorized privilege escalation and thus protect sensitive data and systems.