Windows vulnerability allows hackers to break into users' computers in just 300 milliseconds
Windows isn't the most secure operating system out there, and new vulnerabilities are constantly being discovered. However, this latest vulnerability can be used to compromise your PC in as little as 300 milliseconds, which means you should update your PC immediately.
Hackers can break into your PC in the blink of an eye
This vulnerability allows attackers to exploit the Mobile devices feature of Windows 11 through advanced DLL hijacking techniques. The vulnerability is identified as CVE-2025-24076 and has been cataloged in Microsoft's security vulnerability database.
Specifically, the bug targets a DLL file loaded by the Windows 11 camera feature, replacing it with a malicious DLL that gives an attacker elevated privileges on your system. Windows uses this feature to let you use your phone as a webcam, but it's also an attacker's entry point into your system.
In an example presented by John Ostrowski on his Compass Security blog, the attack was successful on an updated Windows 11 installation and created a file in the C: drive that only users with admin rights could access. This method can be used to inject malware onto a target PC and execute it with admin rights.
An attacker has only about 300 milliseconds to replace the DLL used by the Mobile devices feature with a malicious version. However, Ostrowski, along with James Forshaw, found a way to stop the program when the DLL was accessed. Then, using Microsoft's Detours library, they intercepted the feature's calls to the target DLL and replaced it with a malicious version that allowed for privilege escalation.
Another vulnerability tracked as CVE-2025-24994 was also discovered during this process, which could potentially allow user-to-user attacks. However, CVE-2025-24076 is a more pressing issue.
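Defenders can look for the replace-then-load sequence described above in endpoint telemetry: a DLL written by a standard user and loaded moments later by a privileged process. The following Python detection is an added example, not code from the Compass Security write-up or from Microsoft; the event records are constructed and simplified (loosely modelled on Sysmon FileCreate and ImageLoad events), and the privileged-account set, the time window and all paths and user names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed, simplified records loosely modelled on Sysmon FileCreate (ID 11)
# and ImageLoad (ID 7) events. All paths, users and times are placeholders.
SAMPLE_EVENTS = [
    # Installer writes a DLL as SYSTEM; a SYSTEM process loads it later (benign).
    {"EventID": 11, "UtcTime": "2025-03-01 09:00:00.000", "User": "NT AUTHORITY\\SYSTEM",
     "TargetFilename": "C:\\ProgramData\\ExampleApp\\core.dll"},
    {"EventID": 7, "UtcTime": "2025-03-01 09:00:01.000", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\ExampleApp\\service.exe", "ImageLoaded": "C:\\ProgramData\\ExampleApp\\core.dll"},
    # Standard user writes a DLL that a SYSTEM process loads 200 ms later (suspicious).
    {"EventID": 11, "UtcTime": "2025-03-01 10:00:00.100", "User": "PC\\alice",
     "TargetFilename": "C:\\ProgramData\\ExampleApp\\plugin.dll"},
    {"EventID": 7, "UtcTime": "2025-03-01 10:00:00.300", "User": "NT AUTHORITY\\SYSTEM",
     "Image": "C:\\ExampleApp\\service.exe", "ImageLoaded": "c:\\programdata\\exampleapp\\PLUGIN.dll"},
    # Same user writes and loads their own DLL (no privilege boundary crossed).
    {"EventID": 11, "UtcTime": "2025-03-01 11:00:00.000", "User": "PC\\alice",
     "TargetFilename": "C:\\Users\\alice\\tool\\helper.dll"},
    {"EventID": 7, "UtcTime": "2025-03-01 11:00:00.050", "User": "PC\\alice",
     "Image": "C:\\Users\\alice\\tool\\tool.exe", "ImageLoaded": "C:\\Users\\alice\\tool\\helper.dll"},
]

PRIVILEGED = {"nt authority\\system"}   # assumption: accounts treated as elevated
WINDOW = timedelta(seconds=2)           # assumption: generous bound around the short race

def _ts(ev):
    return datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def find_swapped_dll_loads(events, window=WINDOW):
    """Flag DLLs written by a non-privileged user and loaded by a privileged one soon after."""
    last_write, alerts = {}, []
    for ev in sorted(events, key=_ts):
        user = ev["User"].lower()
        if ev["EventID"] == 11 and ev["TargetFilename"].lower().endswith(".dll"):
            # Windows paths are case-insensitive, so key on the lowercased path.
            last_write[ev["TargetFilename"].lower()] = (_ts(ev), user)  # newest write wins
        elif ev["EventID"] == 7:
            path = ev["ImageLoaded"].lower()
            if path not in last_write or user not in PRIVILEGED:
                continue
            written_at, writer = last_write[path]
            delay = _ts(ev) - written_at
            if writer not in PRIVILEGED and delay <= window:
                alerts.append({"dll": path, "writer": writer, "loader": ev["Image"],
                               "delay_ms": round(delay.total_seconds() * 1000)})
    return alerts

if __name__ == "__main__":
    for alert in find_swapped_dll_loads(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample, only the `plugin.dll` load is flagged; the installer and same-user cases cross no privilege boundary and are ignored.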
Update your system now to protect yourself!
The vulnerabilities were discovered on September 20, 2024, and reported to Microsoft on October 8. Microsoft took several months to patch the bugs, but released an update on March 11, 2025 to fix the issue. The vulnerabilities have not yet been exploited in the wild, and the company believes that exploitation is unlikely.
Exploitation of the bug also requires user interaction, albeit with low privileges. An attacker must first log in to the target system to trigger an event that can exploit the vulnerability, which makes a successful attack less likely.
As a Windows user, as long as you have installed Microsoft's March security updates, you should be protected from the issue. If you haven't, you should update to the latest version of Windows available. Be careful, though: scammers are using fake Windows updates to steal your files, so make sure you only use the Windows Update section of your operating system settings to install any updates.