Microsoft Windows DWM Core Library: 11 Vulnerabilities Disclosed Together
Microsoft's June 2026 Patch Tuesday addresses a cluster of eleven vulnerabilities in the Windows DWM Core Library, including high-severity privilege escalation flaws.
Key findings
- Eleven vulnerabilities in Windows DWM Core Library were disclosed together on June 9, 2026.
- Nine of the eleven CVEs are high-severity use-after-free flaws allowing privilege escalation.
- Two medium-severity out-of-bounds read flaws allow local information disclosure.
- All vulnerabilities require local access for exploitation.
- These flaws were addressed as part of Microsoft's June 2026 Patch Tuesday updates.
Microsoft's June 2026 Patch Tuesday update includes a significant batch of eleven vulnerabilities affecting the Windows DWM (Desktop Window Manager) Core Library. Disclosed simultaneously on June 9, 2026, these flaws present a range of risks, from information disclosure to critical privilege escalation, impacting local attackers. The coordinated disclosure highlights a focused effort to address weaknesses within a core Windows component.
The eleven CVEs can be broadly categorized into two main types of vulnerabilities: out-of-bounds reads and use-after-free errors. Two medium-severity vulnerabilities, CVE-2026-48566 and CVE-2026-44814, are described as out-of-bounds reads. These flaws allow an authorized local attacker to disclose information, potentially revealing sensitive data accessible only within the system's memory.
The majority of the disclosed vulnerabilities, nine in total, are classified as high-severity use-after-free errors. These include CVE-2026-45637, CVE-2026-44813, CVE-2026-44811, CVE-2026-44808, CVE-2026-44807, CVE-2026-44804, CVE-2026-44802, CVE-2026-42983, and CVE-2026-42905. A use-after-free vulnerability occurs when a program attempts to access memory after it has been freed, which can lead to unpredictable behavior, including crashes and, critically, privilege escalation. In this context, an authorized local attacker could exploit these flaws to gain elevated permissions on the affected Windows systems.
While the provided information does not detail specific threat actor activity or in-the-wild exploitation for this particular batch of DWM Core Library vulnerabilities, the disclosure coincides with Microsoft's June 2026 Patch Tuesday. This event addressed a total of 198 vulnerabilities, including three zero-days, underscoring the general importance of timely patching. The inclusion of these DWM flaws within the broader security update suggests Microsoft's proactive approach to mitigating potential risks before they are widely exploited.
Microsoft has addressed all eleven of these Windows DWM Core Library vulnerabilities through its June 2026 security updates. Users are strongly advised to apply these patches as soon as possible to protect their systems from potential local privilege escalation and information disclosure attacks. The specific versions affected and patched are detailed in Microsoft's official security advisories, which are part of the June Patch Tuesday rollout. Staying current with Windows updates is crucial for maintaining system security against such vulnerabilities.
This coordinated disclosure of eleven vulnerabilities in the Windows DWM Core Library serves as a reminder of the complex security landscape of operating systems. The concentration of high-severity privilege escalation flaws highlights the potential impact of vulnerabilities in core system components. Users should prioritize the application of the June 2026 security updates to safeguard against these identified risks.