Home / Technology / Windows Patch Fixes 114 Flaws, One Exploited in Wild
Windows Patch Fixes 114 Flaws, One Exploited in Wild
14 Jan
Summary
- 114 Windows flaws addressed, including eight critical ones.
- An actively exploited information disclosure flaw impacts Desktop Windows Manager.
- New updates fix privilege escalation and remote code execution vulnerabilities.
Microsoft has released its initial 2026 security update, addressing a significant number of vulnerabilities within the Windows operating system. The update tackles 114 flaws, categorizing eight as critical and 106 as important, underscoring the ongoing need for robust security measures.
Of particular concern is CVE-2026-20805, an information disclosure vulnerability within the Desktop Windows Manager that is already being exploited. Identified by Microsoft's security teams, this flaw could permit unauthorized users to access sensitive user-mode memory. The exact nature of its exploitation and the involved threat actors remain undisclosed.
Beyond this actively exploited issue, the patch also rectifies numerous other security weaknesses. These include 58 privilege escalation flaws, 22 information disclosure vulnerabilities, and 21 remote code execution flaws. Two specific vulnerabilities, CVE-2026-21265 and CVE-2026-20876, are noted for their potential to bypass firmware security and grant high-level system privileges, respectively.
