The Indian government just put out a big warning for anyone using Windows 10 or Windows 11. CERT-In, the country’s main cybersecurity team, found a new vulnerability that can leak sensitive system info from affected devices. This is not just a problem for individuals—businesses that depend on Microsoft Windows need to pay attention too.
Risk with Windows 10 and Windows 11
Windows are widely used across the nation, with almost everywhere in India, so the risk is real. This alert really drives home how important it is to update your system and stay on top of security.
What’s actually wrong with Desktop Window Manager?
CERT-In says the issue is in the Desktop Window Manager, the part of Windows that makes all the visuals—the way your windows look, how they move, and the fancy effects. There’s a bug in how it handles some memory objects. If a hacker gets access to a local account—even one with limited permissions—they can use this flaw to peek into system memory and pull out sensitive info.
The bad news is that it does not work over the internet by itself, but attackers can chain it with other tricks to do more damage.
Which users are at risk?
Quite a few people, honestly. The advisory lists Windows 10 (versions 1607, 1809, 21H2, 22H2) and Windows 11 (23H2, 24H2, 25H2) as vulnerable.
It also includes a bunch of Windows Server versions, from 2012 up through 2025. CERT-In calls this a medium-severity issue.
Still, if attackers get the info they want, it could help them dodge protections like Address Space Layout Randomisation.
The real danger here is that leaked system info can open the door for privilege escalation—that’s where someone with limited access finds a way to take over more of the system. In a business setting, skipping these patches could make your whole network easier to attack.
So what should you do?
CERT-In says update your system now. Don’t wait. Go to Windows Update, check for the latest patches, and install them. Also, steer clear of untrusted local accounts and keep up with basic cybersecurity habits.
Overall, this is your reminder to stay on top of Windows updates. The flaw is not something hackers can use remotely on its own, but dragging your feet on patches just is not worth the risk. Updating your system is still the best way to protect yourself.
