Windows GDI Elevation of Privilege Vulnerabilities Patched by Microsoft
Microsoft published security advisories for multiple Windows GDI Elevation of Privilege flaws, including CVE-2017-0005 and CVE-2022-21903. Both vulnerabilities affect the Windows Graphics Device Interface and could allow an attacker to gain higher privileges on a targeted system if successfully exploited.
The advisories were released through Microsoft's Security Update Guide and MSRC portal, indicating that patches were made available for affected Windows platforms. The issues highlight the recurring security risk posed by privilege-escalation bugs in core Windows graphics components, which can be used by attackers after initial access to move from limited user rights to more powerful system-level control.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2022-21903
Microsoft released a Security Update Guide entry for CVE-2022-21903, another Windows GDI Elevation of Privilege vulnerability.
Microsoft publishes advisory for CVE-2017-0005
Microsoft released a Security Update Guide entry for CVE-2017-0005, a Windows GDI Elevation of Privilege vulnerability.
Sources
2 references tracked. Mallory keeps watching after this page renders.
CVE-2022-21903 - Security Update Guide - Microsoft - Windows GDI Elevation of Privilege Vulnerability
portal.msrc.microsoft.com
Open sourceCVE-2017-0005 - Security Update Guide - Microsoft - Windows GDI Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Windows Graphics Component Elevation of Privilege Flaws Patched by Microsoft
Microsoft disclosed and patched two **Windows Graphics Component** elevation-of-privilege vulnerabilities, tracked as `CVE-2025-49732` and `CVE-2025-53800`, through its Security Update Guide. Both issues affect the Windows graphics subsystem and could allow an attacker to gain higher privileges on a targeted system if successfully exploited. The vulnerabilities were published in separate Microsoft advisories and add to the stream of privilege-escalation bugs affecting core Windows components. Organizations should review the Microsoft Security Update Guide entries for both CVEs, identify affected Windows assets, and prioritize deployment of the relevant security updates to reduce the risk of local compromise escalating into broader system control.
May 25, 2026
Microsoft Patched Windows Elevation-of-Privilege Flaws in Kernel and Graphics Components
Microsoft disclosed and patched multiple Windows elevation-of-privilege vulnerabilities affecting core system components, including the **Windows Kernel** (`CVE-2023-36403`) and the **Windows Graphics Component** (`CVE-2023-38159`, `CVE-2023-24899`). The flaws could allow an attacker who already has access to a target system to gain higher privileges, increasing the risk of full system compromise and broader post-exploitation activity. The advisories show a recurring pattern of privilege-escalation risk in foundational Windows components that are widely present across enterprise environments. Organizations running affected Windows systems should prioritize applying Microsoft security updates for the listed CVEs and review endpoint detections for signs of local privilege-escalation attempts tied to kernel- or graphics-related processes.
May 25, 2026
Microsoft Patches Repeated Elevation-of-Privilege Flaws in DWM Core Library
Microsoft has issued security advisories for multiple **Desktop Window Manager (DWM) Core Library** elevation-of-privilege vulnerabilities affecting Windows, including `CVE-2022-21902`, `CVE-2022-41096`, `CVE-2024-43629`, `CVE-2025-21304`, and `CVE-2025-53801`. The flaws were published across several update cycles through the Microsoft Security Response Center, indicating a recurring security issue in the component responsible for Windows desktop composition and rendering. The advisories identify the vulnerabilities as **elevation of privilege** issues in the Windows or Microsoft DWM Core Library, meaning successful exploitation could allow an attacker with existing access to gain higher privileges on a targeted system. Microsoft released fixes through its Security Update Guide and related portal advisories, making patching a priority for organizations that rely on Windows endpoints and servers where the DWM component is present.
May 25, 2026