PatchSiren cyber security CVE debrief
CVE-2026-44802 Microsoft CVE debrief
CVE-2026-44802 is a use-after-free vulnerability in the Windows DWM Core Library. This vulnerability has a CVSS score of 7.8 and is classified as HIGH severity. An authorized attacker can exploit this vulnerability to elevate privileges locally. The vulnerability was published on [cvePublishedAt]2026-06-09T17:17:16.010Z[/cvePublishedAt] and last modified on [cveModifiedAt]2026-06-12T17:05:08.167Z[/cveModifiedAt].
- Vendor
- Microsoft
- Product
- Windows 10 Version 1809
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-12
Who should care
Administrators and users of Windows operating systems should be aware of this vulnerability, especially in environments where local privilege escalation is a concern.
Technical summary
The vulnerability is caused by a use-after-free issue in the Windows DWM Core Library. This type of vulnerability occurs when a program tries to use memory after it has been freed, which can lead to unpredictable behavior, crashes, or, in this case, potential privilege escalation.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Microsoft as soon as possible.
- Ensure that all Windows operating systems and related components are up-to-date.
- Monitor systems for unusual activity that could indicate exploitation.
Evidence notes
The CVE record and details are sourced from official databases and vendor advisories.
Official resources
-
CVE-2026-44802 CVE record
CVE.org
-
CVE-2026-44802 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-44802 was published on [cvePublishedAt]2026-06-09T17:17:16.010Z[/cvePublishedAt].