关于Microsoft DWM 核心库权限提升漏洞(CVE-2025-30400)的预警通报
近日,工作发现最新漏洞威胁:Microsoft DWM 核心库权限提升漏洞CVE-2025-30400
攻击者可以利用该漏洞在目标系统上获取更高的权限。该漏洞存在在野利用经过评估,危害比较大,建议用户及时更新微软安全补丁。
目前受影响的Windows版本:
Windows Server 2025 (Server Core installation)
Windows Server 2025
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
微软官方已更新受影响软件的安全补丁,用户可根据不同系统版本下载安装对应的安全补丁,安全更新链接如下:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30400
请各单位增强网络安全防护意识,立即排查Microsoft 产品使用情况,并督促指导受影响单位及时升级漏洞补丁,消除风险隐患。同时,加强网络安全监测,如发现遭攻击情况及时处置并报告。