- Description
- Windows DWM Core Library Elevation of Privilege Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- nvd@nist.gov
- NVD-CWE-noinfo
- secure@microsoft.com
- CWE-822
This patch day Microsoft fixed the CVE-2024-43629 (CWE-822) vulnerability that I found in dwmcore.dll. An attacker might have had partial control over a pointer to a CDrawListBitmap class instance. You can find additional details here: https://t.co/LqhbuG69qA
@immortalp0ny
20 Nov 2024
1190 Impressions
7 Retweets
15 Likes
10 Bookmarks
0 Replies
0 Quotes
🚨 #Windows DWM Flaw: Patch Now to Avoid Privilege Escalation (#CVE-2024-43629) https://t.co/O3pJSo0HBb
@UndercodeNews
19 Nov 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Windows DWM Flaw: Patch Now to Avoid Privilege Escalation (#CVE-2024-43629) https://t.co/O3pJSo1fqJ
@UndercodeNews
19 Nov 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#patchdiff CVE-2024-43629 can indirectly bypass the DWM process check of NtDCompositionDuplicateHandleToProcess, leading to a kernel arbitrary address write. https://t.co/rvbBEuioKS
@TinySecEx
13 Nov 2024
6726 Impressions
14 Retweets
88 Likes
31 Bookmarks
2 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "81C732A1-CC0F-4633-B00D-473869E77DB9",
"versionEndExcluding": "10.0.17763.6532"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "AF9C20B8-CB5E-46C9-B041-D6A42C26703B",
"versionEndExcluding": "10.0.17763.6532"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "71AD0B79-C3EF-4E13-AB04-D5FAEABA6954",
"versionEndExcluding": "10.0.19044.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "B35413A3-DE3B-4E35-AB48-C6D5D138AC07",
"versionEndExcluding": "10.0.19044.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "D0558F5F-A561-41E9-9242-7F4A5D924479",
"versionEndExcluding": "10.0.19044.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "EA243DE7-EDB1-43DA-AD7E-541843DECB58",
"versionEndExcluding": "10.0.19045.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "5D428E06-FC7C-4151-9582-D66D05D7AFE6",
"versionEndExcluding": "10.0.19045.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "FB49C811-F4D7-46EB-9ED6-50CB3EAAAD90",
"versionEndExcluding": "10.0.19045.5131"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "04BC0915-6F14-4D7A-951F-83CBAB47C3C4",
"versionEndExcluding": "10.0.22621.4460"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "8A16CFCB-D002-4F63-B568-9D14ACE88E94",
"versionEndExcluding": "10.0.22621.4460"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "B8FE14E5-7226-43CA-A57E-A81636185AD4",
"versionEndExcluding": "10.0.22631.4460"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "97507261-3969-4EBF-BCED-93FBADCBB6DC",
"versionEndExcluding": "10.0.22631.4460"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "D32C04CA-E5BE-47CA-AF79-B39859288531",
"versionEndExcluding": "10.0.26100.2314"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "40A6B92E-21C6-4BDD-BA57-DC227FF0F998",
"versionEndExcluding": "10.0.26100.2314"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A43E1F6C-B2A7-4DEC-B4EC-04153746C42B",
"versionEndExcluding": "10.0.17763.6532"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38D9CE84-B85F-42B0-959D-A390427A1641",
"versionEndExcluding": "10.0.20348.2849"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A549BD98-3DE2-4EF3-A579-12AFCB764975",
"versionEndExcluding": "10.0.25398.1251"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F17FD7F-254D-4EE6-9D22-468E76D9B054",
"versionEndExcluding": "10.0.26100.2314"
}
],
"operator": "OR"
}
]
}
]