Windows isn’t the most secure OS around, and new vulnerabilities often get discovered. However, this latest one can breach your PC within 300 milliseconds—meaning it’s best you update your PC right away.

The vulnerability lets an attacker exploit Windows 11’s Mobile devices feature via an advanced DLL hijacking technique. The vulnerability is tracked as CVE-2025-24076 and has already been cataloged in Microsoft’s security vulnerabilities database.

Specifically, the bug targets a DLL file loaded by Windows 11’s camera feature, replacing it with a malicious DLL to give an attacker elevated privileges on your system. Windows uses this feature to let you use your phone as a webcam, but it also happens to be an attacker’s entry point into your system.

In the example shown by John Ostrowski in his Compass Security blog, the attack successfully went through on an updated Windows 11 installation and created a file in the C: drive that only users with administrator privileges can access. The method can be used to slip malware onto a targeted PC and execute it with admin privileges.

The attacker only has around a 300 millisecond window to replace the DLL used by Mobile devices with the malicious version. However, Ostrowski, along with James Forshaw, figured out a way to halt the program when the DLL is accessed. Then, using Microsoft’s Detours library, they intercepted Mobile devices' calls for the targeted DLL and replaced it with the malicious version that allows privilege escalation.
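
The trace this kind of swap leaves behind is a DLL whose most recent writer was a non-elevated process, loaded shortly afterwards by an elevated one. The Python below is an added example for defenders, not code from the Compass Security write-up; the event fields, process names and paths are all constructed for illustration.

```python
# Added example: event fields, process names and paths are constructed.
from dataclasses import dataclass

PRIVILEGED = {"High", "System"}  # integrity levels treated as elevated

@dataclass(frozen=True)
class Event:
    ts_ms: int       # event time in milliseconds
    kind: str        # "file_write" or "image_load"
    path: str        # file path the event refers to
    process: str     # process that wrote or loaded the file
    integrity: str   # integrity level of that process

def find_suspicious_loads(events):
    """Return (path, writer, loader, gap_ms) for every DLL loaded by an
    elevated process whose most recent writer was not elevated."""
    last_write = {}  # normalized path -> most recent write event
    findings = []
    for ev in sorted(events, key=lambda e: e.ts_ms):
        key = ev.path.lower()  # Windows paths are case-insensitive
        if not key.endswith(".dll"):
            continue
        if ev.kind == "file_write":
            last_write[key] = ev  # a later trusted write supersedes this
        elif ev.kind == "image_load" and ev.integrity in PRIVILEGED:
            w = last_write.get(key)
            if w is not None and w.integrity not in PRIVILEGED:
                findings.append((key, w.process, ev.process, ev.ts_ms - w.ts_ms))
    return findings

USER_DLL = r"C:\Users\alice\AppData\Local\ExampleApp\helper.dll"
SYS_DLL = r"C:\Program Files\ExampleVendor\lib.dll"

SAMPLE_EVENTS = [  # constructed telemetry, not real logs
    Event(10_000, "file_write", USER_DLL, "updater.exe", "Medium"),
    Event(10_120, "file_write", USER_DLL.upper(), "unknown.exe", "Medium"),
    Event(10_250, "image_load", USER_DLL, "elevated_host.exe", "High"),
    Event(20_000, "file_write", SYS_DLL, "installer.exe", "System"),
    Event(20_500, "image_load", SYS_DLL, "service.exe", "System"),
    Event(30_000, "image_load", USER_DLL, "viewer.exe", "Medium"),
]

if __name__ == "__main__":
    for path, writer, loader, gap in find_suspicious_loads(SAMPLE_EVENTS):
        print(f"{loader} loaded {path} {gap} ms after write by {writer}")
```

The reported gap can be compared against the roughly 300 millisecond window described above to prioritise findings.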

Another vulnerability tracked as CVE-2025-24994 was also discovered during the process, which potentially enables a user-to-user attack. However, CVE-2025-24076 is the more pressing issue.

Update Your System Now to Protect Yourself

The vulnerabilities were discovered on July 22, 2025, and reported to Microsoft on October 8. It took Microsoft a couple of months to patch the bugs, but it released an update on June 21, 2025, to fix the issues. The vulnerability hasn’t been exploited in the wild yet, and the company thinks exploitation is unlikely to happen.

Exploiting the bug also requires user interaction, albeit with low privileges. An attacker would first have to log onto the targeted system to trigger an event that can exploit the vulnerability, making a successful attack harder.

As a Windows user, as long as you’ve installed Microsoft’s March security updates, you’re protected from the issue. If you haven’t already, we strongly urge you to update to the latest Windows version available. Be careful, though: scammers are using fake Windows updates to steal your files now, so make sure you only use the Windows Update section in the OS settings to install any updates.