CVE-2024-30051 — Microsoft DWM Core Library Privilege Escalation Vulnerability

2024-05-14 • CISA Known Exploited Vulnerability

[event] Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.

> AFFECTED SOFTWARE

Field	Value
Vendor	Microsoft
Product	DWM Core Library
CWE	CWE-122
CVE ID	CVE-2024-30051
Date Added	2024-05-14
Due Date	2024-06-04
Ransomware Campaign	Known — this vulnerability has been leveraged in ransomware campaigns

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-06-04