The Indian cybersecurity agency, CERT‑In, has issued a warning for users of Windows 10 and 11, following the discovery of a flaw that could allow attackers to access sensitive system data. The advisory is aimed at helping both individual users and businesses safeguard their devices before the vulnerability can be exploited.
The problem is in the Desktop Window Manager, which handles Windows’ interface and visuals. Due to memory handling issues, a local attacker could potentially access sensitive information. On its own, this flaw does not allow hackers to remotely take over devices, but if left unpatched it could help them plan more advanced attacks.
Affected versions include Windows 10 (1607, 1809, 21H2, 22H2) and Windows 11 (23H2, 24H2, 25H2), as well as several Windows Server editions. CERT‑In has labeled the vulnerability medium risk, warning that exposed system memory could weaken protections against attacks.
The advisory urges users to install Microsoft’s latest security updates immediately. Regular patching, cautious use of accounts, and avoiding unverified software are key to staying safe.
No active widespread exploitation has been reported, but CERT‑In emphasizes that timely updates are the best defense. Both individuals and businesses are advised to treat the warning seriously to prevent potential data leaks and maintain the security of their systems.