Critical Zero-day Vulnerability in Desktop Window Manager (DWM) Let Attackers to Escalate Privilege

From gbhackers.com

Critical Zero-day Vulnerability in Desktop Window Manager (DWM) Let Attackers to Escalate Privilege

The security firm, Kaspersky has recently issued a warning about a new critical zero-day vulnerability found by its researchers in the Desktop Window Manager (DWM).

The bug was accidentally found by the security researchers at Kaspersky in February of this year while they were studying another known flaw (CVE-2021-1732); this new problem was then referred to Microsoft and classified by code CVE-2021-28310.

Researchers claimed that this newly-discovered critical zero-day vulnerability, CVE-2021-28310 was abused in the wild by the attackers. This flaw is an Escalation of Privilege (EoP) which is detected in DWM (Desktop Window Manager).

Read more…