CVE-2024-26172: CWE-125: Out-of-bounds Read in Microsoft Windows 10 Version 1809
Windows DWM Core Library Information Disclosure Vulnerability
AI Analysis
Technical Summary
CVE-2024-26172 is an information disclosure vulnerability identified in the Desktop Window Manager (DWM) Core Library component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability is classified under CWE-125, which corresponds to an out-of-bounds read. This type of flaw occurs when software reads data outside the boundaries of an allocated memory buffer, potentially exposing sensitive information from adjacent memory locations. In this case, the vulnerability allows a locally authenticated attacker with low privileges to cause the DWM Core Library to read memory beyond its intended bounds. Although the vulnerability does not directly impact confidentiality or integrity, it can lead to a denial of service (availability impact) by causing the affected system component to crash or become unstable. The CVSS v3.1 base score is 5.5 (medium severity), reflecting the local attack vector (AV:L), low attack complexity (AC:L), and the requirement for low privileges (PR:L) but no user interaction (UI:N). The scope remains unchanged (S:U), and the impact is limited to availability (A:H) with no confidentiality or integrity loss. There are no known exploits in the wild at the time of publication, and no official patches have been linked yet. The vulnerability was reserved in February 2024 and published in April 2024. The affected version, Windows 10 Version 1809, is an older release but is still in use in some enterprise environments, especially where legacy systems are maintained. An attacker who already has local access could leverage the vulnerability to cause system instability or denial of service conditions, potentially disrupting business operations or critical services running on affected machines.
Potential Impact
For European organizations, the primary impact of CVE-2024-26172 is the potential for denial of service on systems running Windows 10 Version 1809. This could disrupt business continuity, especially in environments where legacy systems are critical and cannot be easily upgraded. While the vulnerability does not expose confidential data or allow privilege escalation, the availability impact could affect operational technology, customer-facing services, or internal IT infrastructure. Organizations in sectors such as manufacturing, healthcare, and government that rely on older Windows 10 versions may face an increased risk of service interruptions. The requirement for local access rules out direct remote exploitation, but insider threats or attackers who gain an initial foothold by other means could leverage this vulnerability to cause system crashes. Given that Windows 10 Version 1809 is no longer the latest supported version, organizations that have not migrated to newer Windows releases may be disproportionately affected. The absence of known exploits reduces the immediate risk, but the medium severity rating suggests that timely mitigation is advisable to prevent potential exploitation in targeted attacks or combined attack chains.
Mitigation Recommendations
1. Upgrade affected systems from Windows 10 Version 1809 to a more recent and supported Windows version where this vulnerability is resolved. This is the most effective mitigation.
2. If upgrading is not immediately feasible, implement strict access controls to limit local user privileges and restrict physical and remote access to affected machines to trusted personnel only.
3. Employ application whitelisting and endpoint detection and response (EDR) solutions to monitor for abnormal behavior that could indicate exploitation attempts or system instability related to this vulnerability.
4. Regularly audit and inventory systems to identify any running Windows 10 Version 1809 installations and prioritize their remediation.
5. Prepare incident response plans to quickly address potential denial of service incidents caused by this vulnerability, including system restarts and failover procedures.
6. Monitor official Microsoft security advisories for patches or workarounds as they become available and apply them promptly.
7. Educate IT staff about the risks of legacy operating systems and encourage migration planning to reduce exposure to known vulnerabilities.
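The inventory step above (item 4) can be scripted. The following is an added example, not part of the advisory or any Microsoft tooling; it assumes build 17763 identifies Windows 10 Version 1809 (from the build 10.0.17763.0 stated above), that dwmcore.dll under System32 is the on-disk file for the DWM Core Library component, and that the host names in $hosts are placeholders you replace with your own.

```powershell
# Added example (not from the advisory): find Windows 10 Version 1809 hosts and
# record the DWM Core Library file version for later comparison with a fixed build.
function Test-Win10Version1809 {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Assumption: dwmcore.dll is the DWM Core Library binary named in the advisory.
    $dwmPath = Join-Path $env:SystemRoot 'System32\dwmcore.dll'
    $dwmVersion = if (Test-Path $dwmPath) {
        (Get-Item $dwmPath).VersionInfo.FileVersion
    } else {
        'not found'
    }

    $build = [int]$os.BuildNumber
    # Windows Server 2019 also reports build 17763; the advisory names only
    # Windows 10 Version 1809, so require the Windows 10 caption as well.
    $affected = ($build -eq 17763) -and ($os.Caption -like '*Windows 10*')

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Caption        = $os.Caption
        Build          = $build
        ReleaseId      = $cv.ReleaseId     # '1809' on the affected release
        UBR            = $cv.UBR           # cumulative update revision (17763.<UBR>)
        DwmCoreVersion = $dwmVersion
        Affected       = $affected
    }
}

# Local check (run by a standard user; no elevation required).
Test-Win10Version1809

# Fleet check over WinRM: list only hosts still on Windows 10 Version 1809.
$hosts = @('HOST-A', 'HOST-B')   # placeholder host names
Invoke-Command -ComputerName $hosts -ScriptBlock ${function:Test-Win10Version1809} -ErrorAction Continue |
    Where-Object Affected |
    Sort-Object ComputerName |
    Format-Table ComputerName, Caption, Build, UBR, DwmCoreVersion -AutoSize
```

Keep the DwmCoreVersion and UBR values with the inventory: once Microsoft links a fix for this CVE, re-running the script shows which hosts have moved past the vulnerable revision.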
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Poland, Netherlands, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: microsoft
- Date Reserved: 2024-02-14T22:23:54.097Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9836c4522896dcbeaf66
Added to database: 5/21/2025, 9:09:10 AM
Last enriched: 6/26/2025, 6:45:50 AM
Last updated: 7/29/2025, 12:05:56 PM