The Indian government has raised an alert for Windows 10 and 11 users following the discovery of a security vulnerability that could compromise sensitive system information. CERT‑In, the national cybersecurity agency, has flagged the issue as a potential risk even for devices with standard security settings.
The flaw is in the Desktop Window Manager (DWM), the component responsible for managing the Windows graphical interface. According to CERT‑In, improper memory handling in this module may allow a local attacker with minimal access to retrieve sensitive system information. The vulnerability does not directly allow remote exploitation, but it could be combined with other techniques to escalate an attack.
Affected systems include multiple Windows 10 versions (1607, 1809, 21H2, 22H2) and Windows 11 versions (23H2, 24H2, 25H2), along with several Windows Server versions from 2012 through 2025. CERT‑In has rated the risk medium, noting that exposed memory data could help an attacker bypass security protections such as Address Space Layout Randomisation (ASLR).
The advisory emphasizes that users should install the latest Microsoft security updates immediately via Windows Update. Enterprises and individual users are urged to maintain proper system hygiene, avoid untrusted software, and use accounts with limited privileges where possible.
Although no major exploit of this vulnerability has been reported yet, CERT‑In stresses that prompt patching is critical to protect data and maintain system security. Ignoring the update could leave systems vulnerable to future attacks, especially in enterprise environments where sensitive data is processed daily.