Skip to main content

Windows DWM Core EUVDEUVD-2026-35748

| CVE-2026-44808 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-06-09 secure@microsoft.com GHSA-83gr-6443-3q7q
7.8
CVSS 3.1 · Vendor: microsoft
Temporal: 6.8
Share

Severity by source

Vendor (microsoft) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 18:35 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.8

DescriptionCVE.org

Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in the Windows Desktop Window Manager (DWM) Core Library stems from a use-after-free condition (CWE-122) that lets an authenticated low-privileged user gain elevated rights on affected Windows systems. The flaw was reported by Microsoft (secure@microsoft.com) and tracked via MSRC, with no public exploit identified at time of analysis and no CISA KEV listing. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability once the attacker has local foothold.

Technical ContextAI

The Desktop Window Manager (dwm.exe and its supporting Core Library, dwmcore.dll) is the compositing window manager that renders the Windows desktop, handling visual effects, transparency, and surface composition across user sessions. CWE-122 here is classified as a heap-based memory corruption issue and the description identifies it as a use-after-free: a heap object referenced by DWM is freed but a dangling pointer is later dereferenced, allowing an attacker to influence the contents of the reused allocation. Because DWM components historically run with higher privileges than the calling user session, corrupting their heap state is a recognized vector for crossing privilege boundaries on Windows. The advisory tags (Buffer Overflow, Heap Overflow, Denial Of Service) align with this memory-safety class.

RemediationAI

Patch available per vendor advisory - apply the Microsoft security update referenced in the MSRC guide at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44808 through Windows Update, WSUS, or your enterprise patch management platform; exact fix KB numbers should be taken from that advisory for each Windows SKU you operate. No vendor-published workaround is listed, and disabling DWM is not a supported configuration on modern Windows, so compensating controls are limited to reducing local foothold risk: enforce least-privilege on interactive users, require LAPS-managed local admins, enable Credential Guard and HVCI to make post-exploitation harder, and restrict the ability of low-privileged users to run untrusted binaries via AppLocker or WDAC, accepting the operational overhead of application allowlisting.

CVE-2026-25173 HIGH POC
8.0 Mar 10

Remote code execution in Windows RRAS affects Windows 10 1607 and Windows Server 2022 23h2 through an integer overflow v

CVE-2026-44812 HIGH
7.8 Jun 09

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local a

CVE-2026-44803 HIGH
7.8 Jun 09

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to

CVE-2026-50507 MEDIUM
6.8 Jun 09

BitLocker's protection mechanism on Windows fails to enforce a critical authentication or verification step, permitting

CVE-2026-45658 MEDIUM
6.8 Jun 09

Security feature bypass in Microsoft Windows BitLocker allows an attacker with physical access to circumvent the drive e

CVE-2026-42915 MEDIUM
5.5 Jun 09

Denial-of-service in the Windows TCP/IP stack allows an authenticated attacker on an adjacent network to crash the netwo

CVE-2026-42973 MEDIUM
5.5 Jun 09

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables a locally authenticated

CVE-2026-42971 MEDIUM
5.5 Jun 09

Windows Push Notifications on multiple Windows 10, Windows 11, and Windows Server versions exposes sensitive memory cont

CVE-2026-42970 MEDIUM
5.5 Jun 09

Windows Push Notifications contains a use-of-uninitialized-resource flaw (CWE-200) that enables authenticated local atta

CVE-2026-45602 CRITICAL
9.1 Jun 09

Remote tampering in Microsoft Windows DHCP Server allows unauthenticated network attackers to manipulate critical data w

CVE-2026-25188 HIGH
8.8 Mar 10

Privilege escalation in Windows Telephony Service through heap buffer overflow affects Windows 10 1607, Windows 11 25h2,

CVE-2026-47653 HIGH
8.8 Jun 09

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP serve

Share

EUVD-2026-35748 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy