Skip to main content

Windows DWM Core EUVDEUVD-2026-35594

| CVE-2026-42905 HIGH
Use After Free (CWE-416)
2026-06-09 secure@microsoft.com GHSA-6496-48pg-4v8q
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 17:40 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionNVD

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library enables an authorized low-privilege user to elevate to higher privileges via a use-after-free condition. The flaw carries a CVSS 7.8 (High) and no public exploit identified at time of analysis, though Microsoft has acknowledged the issue through MSRC. Successful exploitation grants full confidentiality, integrity, and availability impact on the affected host.

Technical ContextAI

The Desktop Window Manager (DWM) is the compositing window manager in Windows that renders desktop visuals (Aero, transparency, live thumbnails) by combining application surfaces via Direct3D. The DWM Core Library exposes kernel-adjacent graphics primitives used by both user-mode shells and privileged rendering paths, making memory-safety bugs in this component a recurring source of elevation-of-privilege CVEs. The root cause is CWE-416 (Use After Free) - an object is freed but a dangling pointer is later dereferenced, allowing an attacker who can groom the heap to substitute attacker-controlled data where a freed object's vtable or function pointer is expected, ultimately redirecting execution flow within a higher-privileged context.

RemediationAI

Apply the patch referenced in the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42905 via Windows Update or WSUS as soon as it is available for the affected SKU; the exact KB number and fix build were not provided in the input and should be confirmed against MSRC for each Windows version in scope. As compensating controls until patching completes, restrict interactive and remote desktop logon to trusted administrators (since the bug requires local authenticated execution), enforce attack-surface-reduction rules and Credential Guard to limit the value of a successful elevation, and monitor for unusual child processes spawned by dwm.exe or unexpected token-impersonation events - note that disabling DWM is not a viable workaround as it breaks the Windows desktop shell.

Share

EUVD-2026-35594 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy