Windows isn’t the most secure OS around, and new vulnerabilities often get discovered. However, this latest one can breach your PC within 300 milliseconds—meaning it’s best you update your PC right away.
Hackers Can Breach Your PC Within the Blink of an Eye
The vulnerability lets an attacker exploit Windows 11’s Mobile devices feature via an advanced DLL hijacking technique. The vulnerability is tracked as CVE-2025-24076 and has already been cataloged in Microsoft’s security vulnerabilities database.
Specifically, the bug targets a DLL file loaded by Windows 11’s camera feature, replacing it with a malicious DLL to give an attacker elevated privileges on your system. Windows uses this feature to let you use your phone as a webcam, but it also happens to be an attacker’s entry point into your system.
In the example shown by John Ostrowski in his Compass Security blog, the attack successfully went through on an updated Windows 11 installation and created a file in the C: drive that only users with administrator privileges can access. The method can be used to slip malware onto a targeted PC and execute it with admin privileges.
The attacker only has around a 300 millisecond window to replace the DLL used by Mobile devices with the malicious version. However, Ostrowski, along with James Forshaw, figured out a way to halt the program when the DLL is accessed. Then, using Microsoft’s Detours library, they intercepted Mobile devices’ calls for the targeted DLL and replaced it with the malicious version that allows privilege escalation.
Another vulnerability tracked as CVE-2025-24994 was also discovered during the process, which potentially enables a user-to-user attack. However, CVE-2025-24076 is the more pressing issue.
Update Your System Now to Protect Yourself
The vulnerabilities were discovered on September 20, 2024, and reported to Microsoft on October 8. It took Microsoft a couple of months to patch the bugs, but it released an update on March 11, 2025, to fix the issues. The vulnerability hasn’t been exploited in the wild yet, and the company thinks exploitation is unlikely to happen.
Exploiting the bug also requires user interaction, albeit with low privileges. An attacker would first have to log onto the targeted system to trigger an event that can exploit the vulnerability, making a successful attack harder.
As a Windows user, as long as you’ve installed Microsoft’s March security updates, you’re protected from the issue. If you haven’t already, we strongly urge you to update to the latest Windows version available. Be careful, though: scammers are now using fake Windows updates to steal your files, so make sure you only use the Windows Update section in the OS settings to install any updates.