Information disclosure in Desktop Window Manager, CVSS 5.5, and actively exploited. The textbook case for why CVSS scoring alone shouldn’t drive patch priority. Patch Tuesday also closed 112 other CVEs including two Preview-Pane Office RCEs.
← Findings
Windows DWM zero-day exploited in the wild
Information disclosure in Desktop Window Manager, CVSS 5.5, and actively exploited. Textbook case for why CVSS alone shouldn't drive patch priority.