Windows 10 and 11 users beware: Medium-Severity Flaw Found in Microsoft Windows Desktop Window Manager
Windows 10 and 11 users beware: If you use Windows 10 or Windows 11, this news is important for you. The Indian government's cybersecurity agency, CERT-In, has issued a warning about a new security vulnerability that poses a risk of leaking sensitive system data.
A critical alert has been sent out by the Indian government to Windows 10 and Windows 11 users. This alert was sent out by the Computer Emergency Response Team (CERT-In). According to the agency, a new vulnerability discovered in Microsoft Windows could expose users' sensitive information. This warning is important for both ordinary users and organizations that rely on Windows-based systems for their daily operations.
According to CERT-In, this vulnerability was discovered in the Desktop Window Manager (DWM) component of Windows. DWM is a system process responsible for correctly displaying windows, animations, and visual effects on the screen. This vulnerability has arisen due to improper handling of certain memory objects in this component.
This security alert affects several Windows versions. Windows 10 versions 1607, 1809, 21H2, and 22H2 are affected, as are Windows 11 versions 23H2, 24H2, and 25H2. Server editions from Windows Server 2012 to Windows Server 2025 have also been reported as affected.
This vulnerability has been rated “medium severity” by CERT-In. However, if the leaked information includes confidential data stored in the system, hackers can bypass security mechanisms such as ASLR, increasing the risk of major cyber-attacks.
This vulnerability could expose critical information from system memory. Attackers could use this data to plan further attacks, gain greater privileges within the system, or weaken the security of the entire system.
CERT-In advises all users to immediately install the latest security updates released by Microsoft. To do this, keep your system fully updated by accessing Windows Update. It also recommends avoiding the use of unknown or untrusted local accounts and prioritizing regular patching.