Microsoft Patches Actively Exploited Zero-Day in Windows Desktop Window Manager
Microsoft has released emergency security updates to address CVE-2026-21519, a critical zero-day vulnerability in the Windows Desktop Window Manager (DWM) that is currently being exploited in the wild. The flaw allows attackers to escalate privileges and gain full control over affected systems.
The Desktop Window Manager (dwm.exe) is a core Windows process responsible for rendering visual effects, including transparent windows, taskbar thumbnails, and high-resolution display support. Due to its deep integration with the operating system, it runs continuously in the background on all modern Windows versions.
The vulnerability stems from a memory corruption issue, where attackers can manipulate the DWM process to execute malicious code. Successful exploitation grants SYSTEM-level privileges, enabling attackers to install software, modify or delete data, and create new accounts with full administrative rights.
Microsoft has rated the flaw as Important with a CVSS score of 7.8, noting that while exploitation requires local access (e.g., an attacker must already be logged in or have compromised a low-privilege account), the attack does not require user interaction. The vulnerability affects multiple Windows versions, including:
- Windows 10 (1809, 21H2, 22H2)
- Windows 11 (23H2, 24H2, 25H2, 26H1)
- Windows Server (2016, 2019, 2022, 2025)
The patch was included in Microsoft’s February 2026 security update, available via Windows Update and the Microsoft Update Catalog. No workarounds exist, making immediate patching the only mitigation.
Source: https://cybersecuritynews.com/desktop-window-manager-0-day/
Microsoft cybersecurity rating report: https://www.rankiteo.com/company/Microsoft
"id": "MIC1770818146",
"linkid": "Microsoft",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Technology',
'location': 'Global',
'name': 'Microsoft Windows Users',
'type': 'Operating System'}],
'attack_vector': 'Local Access',
'date_publicly_disclosed': '2026-02',
'date_resolved': '2026-02',
'description': 'Microsoft has released emergency security updates to address '
'CVE-2026-21519, a critical zero-day vulnerability in the '
'Windows Desktop Window Manager (DWM) that is currently being '
'exploited in the wild. The flaw allows attackers to escalate '
'privileges and gain full control over affected systems. The '
'vulnerability stems from a memory corruption issue, enabling '
'attackers to execute malicious code with SYSTEM-level '
'privileges.',
'impact': {'operational_impact': 'Full system control, ability to install '
'software, modify or delete data, and create '
'new accounts with administrative rights',
'systems_affected': 'Windows Desktop Window Manager (dwm.exe)'},
'investigation_status': 'Resolved',
'post_incident_analysis': {'corrective_actions': 'Security patch released to '
'address the vulnerability',
'root_causes': 'Memory corruption issue in Windows '
'Desktop Window Manager (DWM)'},
'recommendations': 'Immediate patching of affected systems via Windows Update '
'or Microsoft Update Catalog',
'references': [{'source': 'Microsoft Security Update'}],
'response': {'containment_measures': 'Emergency security updates released via '
'Windows Update and Microsoft Update '
'Catalog',
'remediation_measures': 'Immediate patching of affected systems'},
'title': 'Microsoft Patches Actively Exploited Zero-Day in Windows Desktop '
'Window Manager',
'type': 'Privilege Escalation',
'vulnerability_exploited': 'CVE-2026-21519'}