Satnam Narang, senior employees analysis engineer at Tenable, known as DWM a “frequent flyer” on Patch Tuesday, with 20 CVEs patched on this library since 2022. However, he added, that is the primary time researchers have seen an info disclosure bug on this element exploited within the wild.
Extra priorities
Executives must also prioritize fast patching and threat discount efforts this month across the Home windows Native Safety Authority Subsystem Service Distant Code Execution, Home windows Graphics Element Elevation of Privilege, and Home windows Virtualization Primarily based Safety Enclave Elevation of Privilege flaws, Bicer stated, as these vulnerabilities immediately allow full system or belief boundary compromise.
Strategic focus ought to embody accelerating patch deployment for vital and necessary flaws, lowering pointless native entry, hardening authentication paths, and carefully monitoring for irregular privilege escalation habits, Bicer stated.
