Microsoft Patches Repeated Elevation-of-Privilege Flaws in DWM Core Library
Microsoft has issued security advisories for multiple Desktop Window Manager (DWM) Core Library elevation-of-privilege vulnerabilities affecting Windows, including CVE-2022-21902, CVE-2022-41096, CVE-2024-43629, CVE-2025-21304, and CVE-2025-53801. The flaws were published across several update cycles through the Microsoft Security Response Center, indicating a recurring security issue in the component responsible for Windows desktop composition and rendering.
The advisories identify the vulnerabilities as elevation of privilege issues in the Windows or Microsoft DWM Core Library, meaning successful exploitation could allow an attacker with existing access to gain higher privileges on a targeted system. Microsoft released fixes through its Security Update Guide and related portal advisories, making patching a priority for organizations that rely on Windows endpoints and servers where the DWM component is present.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Microsoft publishes advisory for CVE-2025-53801
Microsoft published a Security Update Guide entry for CVE-2025-53801, another Microsoft DWM Core Library elevation of privilege vulnerability.
Microsoft publishes advisory for CVE-2025-21304
Microsoft published a Security Update Guide entry for CVE-2025-21304, describing a Microsoft DWM Core Library elevation of privilege vulnerability.
Microsoft publishes advisory for CVE-2024-43629
Microsoft published a Security Update Guide advisory for CVE-2024-43629, a Windows DWM Core Library elevation of privilege vulnerability.
Microsoft publishes advisory for CVE-2023-36033
Microsoft published a Security Update Guide advisory for CVE-2023-36033, identified as a Windows DWM Core Library elevation of privilege vulnerability.
Microsoft publishes advisory for CVE-2022-41096
Microsoft published a Security Update Guide entry for CVE-2022-41096, identified as a Microsoft DWM Core Library elevation of privilege vulnerability.
Microsoft publishes advisory for CVE-2022-21902
Microsoft published a Security Update Guide advisory for CVE-2022-21902, a Windows DWM Core Library elevation of privilege vulnerability.
Sources
6 references tracked. Mallory keeps watching after this page renders.
CVE-2025-53801 - Security Update Guide - Microsoft - Microsoft DWM Core Library Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2025-21304 - Security Update Guide - Microsoft - Microsoft DWM Core Library Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2024-43629 - Security Update Guide - Microsoft - Windows DWM Core Library Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2023-36033 - Security Update Guide - Microsoft - Windows DWM Core Library Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2022-41096 - Security Update Guide - Microsoft - Microsoft DWM Core Library Elevation of Privilege Vulnerability
msrc.microsoft.com
Open sourceCVE-2022-21902 - Security Update Guide - Microsoft - Windows DWM Core Library Elevation of Privilege Vulnerability
portal.msrc.microsoft.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft discloses multiple Windows elevation-of-privilege flaws across kernel and core components
Microsoft published security advisories for a series of **Windows elevation-of-privilege** vulnerabilities affecting the **Windows Kernel**, **File Explorer**, **Windows Management Service**, **Windows UI XAML Phone DatePickerFlyout**, **Windows Graphics Component**, **Windows Storage**, and the **DirectX Graphics Kernel**. The referenced flaws include `CVE-2026-26132`, `CVE-2025-62565`, `CVE-2025-54103`, `CVE-2025-54111`, `CVE-2025-55693`, `CVE-2024-38249`, `CVE-2025-62573`, `CVE-2024-38248`, and `CVE-2025-55678`. The disclosures indicate a broad patching effort spanning core operating system subsystems and user-facing Windows components, with repeated exposure in privileged areas such as the kernel and graphics stack. For defenders, the concentration of elevation-of-privilege issues across these components raises the risk that attackers could chain local access or code execution with privilege escalation to gain **SYSTEM-level** or otherwise expanded rights on affected Windows systems, making prompt validation and deployment of Microsoft updates a priority.
May 25, 2026
Microsoft Patched Multiple Windows Elevation of Privilege Flaws Across Core Components
Microsoft published security updates for several **Windows elevation of privilege** vulnerabilities affecting core components including **Win32k** (`CVE-2024-30082`, `CVE-2023-36743`), **Microsoft COM for Windows** (`CVE-2025-21281`), the **Microsoft Graphics Component** (`CVE-2025-49708`), and the **Windows Search Service** (`CVE-2026-27909`). The advisories indicate that successful exploitation could allow an attacker to gain higher privileges on a targeted Windows system, increasing the risk of broader compromise after initial access. The affected components span user interface, inter-process communication, graphics, and search functionality, showing continued exposure in widely deployed parts of the Windows platform. Microsoft issued entries for each CVE through its Security Update Guide, including both vulnerability and advisory records for `CVE-2025-21281`, and organizations should prioritize patching these flaws as part of routine Windows security maintenance because privilege escalation bugs are commonly chained with other exploits to obtain **SYSTEM**-level or administrative control.
May 25, 2026
Microsoft Fixes Windows Elevation-of-Privilege Flaws in tdx.sys and DWM Core
Microsoft published security updates for multiple Windows elevation-of-privilege vulnerabilities affecting the **TDI Translation Driver** (``tdx.sys``) and the **DWM Core Library**. The disclosures include **CVE-2026-27908** and **CVE-2026-27921** in ``tdx.sys``, **CVE-2026-25189** in the DWM Core Library, and an earlier related TDI Translation Driver issue, **CVE-2025-49659**. Microsoft classified the flaws as local privilege-escalation bugs that could let an authenticated attacker gain higher privileges on a vulnerable system. Microsoft said **CVE-2026-27908** is a **use-after-free** vulnerability tracked as **CWE-416** with a **CVSS 3.1 score of 7.0**, and warned exploitation is **more likely** despite requiring high attack complexity because the attacker must win a race condition. The company stated the issue was **not publicly disclosed** and **not exploited in the wild** at publication, and credited **Angelboy (@scwuaptx) of DEVCORE** for reporting it. Fixes were made available through the Microsoft Security Update Guide for all listed vulnerabilities.
May 31, 2026