Microsoft’s January 2026 Patch Tuesday addresses 112 CVEs, including a critical zero-day affecting Desktop Window Manager. Several high-risk vulnerabilities, such as privilege escalation and remote code execution flaws, have been fixed to strengthen system security.
Key points
- The update includes fixes for a zero-day vulnerability in Desktop Window Manager (CVE-2026-20805).
- Eight vulnerabilities are considered “exploitation more likely,” with severity ratings of 7.8 or higher.
- Notable flaws include privilege escalation in Windows Installer, the Error Reporting Service, and the NTFS driver.
- Three high-severity bugs are rated 8.8; they involve SharePoint Server and RRAS remote code execution.
- CISA added the zero-day CVE-2026-20805 to its KEV catalog shortly after Microsoft’s announcement.
Read More: https://thecyberexpress.com/patch-tuesday-january-2026-zero-day/