Microsoft has released a security patch addressing a critical out-of-bounds vulnerability in Desktop Window Manager (DWM) that could allow local attackers to escalate privileges on Windows systems.
The vulnerability, tracked as CVE-2025-55681, resides in the dwmcore!CBrushRenderingGraphBuilderAddEffectBrush function and affects Windows systems through a complex attack chain.
The flaw was discovered during the TyphoonPWN Windows security competition, where it placed second in the vulnerability category.
https://cyberpress.org/microsoft-deskto ... erability/