🟠 High | Source: Microsoft Security Response Center
CVE-2026-45637 is an elevation of privilege vulnerability in the Microsoft Desktop Window Manager (DWM) Core Library, a Windows component relevant to environments running Windows-based Azure virtual machines and hybrid workloads. The vulnerability could allow a local attacker to gain elevated system privileges. This update is an informational change to acknowledgements only — no new patches or exploitability changes have been introduced.
Security Architect’s Take: No immediate action is required as this is solely an acknowledgement update with no change to patch status or exploitability. However, ensure Windows-based Azure VMs and hybrid endpoints are already patched against CVE-2026-45637 as part of your standard patch management cycle, and verify that your vulnerability management tooling reflects the latest advisory metadata.
Original advisory: CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability