The Indian government has issued an important cybersecurity warning for users of Windows 10 and Windows 11 operating systems. The advisory has been released by the Indian Computer Emergency Response Team (CERT-In), highlighting a newly identified vulnerability that could expose sensitive system information on affected devices. The warning is relevant for individual users as well as organisations relying on Microsoft Windows-based systems for daily operations.
What is the security issue
According to CERT-In, the vulnerability exists in the Desktop Window Manager (DWM) component of Microsoft Windows. Desktop Window Manager is a core system process responsible for rendering the graphical user interface, including windows, animations, and visual effects. The flaw arises due to improper handling of certain memory objects within this component.
If exploited, the vulnerability could allow an authenticated local attacker with low privileges to access sensitive information from system memory. While the issue does not allow remote attacks on its own, it can still be used as a supporting step in more complex cyberattacks.
Who is affected
The warning applies to multiple versions of Windows currently in use. Affected systems include Windows 10 versions 1607, 1809, 21H2, and 22H2, as well as Windows 11 versions 23H2, 24H2, and 25H2. Several editions of Windows Server, ranging from Windows Server 2012 to Windows Server 2025, are also impacted.
CERT-In has categorised the vulnerability as having a medium severity rating. However, it notes that disclosure of sensitive system information could help attackers bypass security protections such as Address Space Layout Randomisation (ASLR), increasing the risk of further compromise.
Impact and risk assessment
The primary risk associated with this vulnerability is the potential leakage of sensitive data from system memory. Such information could be misused to plan subsequent attacks, escalate privileges, or weaken the overall security posture of an affected system.
What users should do
CERT-In has advised users to apply security updates provided by Microsoft without delay. Microsoft has released patches addressing the issue, and users are encouraged to check for updates through Windows Update and ensure their systems are fully up to date. Regular patching and avoiding the use of untrusted local accounts are also recommended to reduce risk.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
