{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/dwm-core-library/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-34336"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DWM Core Library"],"_cs_severities":["medium"],"_cs_tags":["vulnerability","information-disclosure","windows"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-34336 is a buffer over-read vulnerability affecting the Windows DWM (Desktop Window Manager) Core Library. The vulnerability allows an attacker with local access and valid credentials to potentially read sensitive information from memory. Due to the nature of the vulnerability being a buffer over-read, it could lead to the disclosure of information that could be leveraged for further exploitation or to gain unauthorized access to sensitive data. The CVSS v3.1 score is rated as High (7.8), indicating a significant potential impact if successfully exploited. Defenders should apply the security update provided by Microsoft to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains local access to a Windows system with valid user credentials.\u003c/li\u003e\n\u003cli\u003eAttacker executes a specially crafted application that interacts with the DWM Core Library.\u003c/li\u003e\n\u003cli\u003eThe crafted application triggers a buffer over-read within the DWM Core Library during a memory operation.\u003c/li\u003e\n\u003cli\u003eThe over-read allows the application to read data beyond the intended buffer boundary in memory.\u003c/li\u003e\n\u003cli\u003eSensitive information, such as cryptographic keys or other user data, is exposed due to the buffer over-read.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s application captures the disclosed information from the memory.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the captured information to identify sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the disclosed sensitive information to escalate privileges or gain unauthorized access to other resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-34336 allows an attacker to read potentially sensitive information from the memory of the affected system. This information could include user credentials, cryptographic keys, or other confidential data. An attacker with this information can escalate their privileges, compromise other systems, or steal sensitive data. This vulnerability requires local access, limiting the scale of potential attacks, but successful exploitation can have significant consequences for affected systems and users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Microsoft to patch CVE-2026-34336 in the Windows DWM Core Library as referenced in the advisory URL.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unusual or unsigned executables interacting with the DWM.exe process using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eEnable and review Windows event logs for any errors related to the DWM service to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T18:23:04Z","date_published":"2026-05-12T18:23:04Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-34336-dwm-buffer-overread/","summary":"CVE-2026-34336 is a buffer over-read vulnerability in the Windows DWM Core Library, allowing a local, authenticated attacker to disclose sensitive information.","title":"CVE-2026-34336 - Windows DWM Core Library Buffer Over-Read Information Disclosure","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-34336-dwm-buffer-overread/"}],"language":"en","title":"CraftedSignal Threat Feed — DWM Core Library","version":"https://jsonfeed.org/version/1.1"}