Microsoft Patches Critical DWM Vulnerabilities in January 2026

Microsoft Patches Critical DWM Vulnerabilities in January 2026

First seen 14 Jan 2026, 06:49 UTC CybersecuritynewsGbhackersCyberpress 79% similarity 37.7

Article Content

Browse articles
ThreatCluster

On January 13, 2026, Microsoft released a patch for a critical zero-day vulnerability in its Desktop Window Manager (DWM), tracked as CVE-2026-20805, which allowed local attackers to expose sensitive user-mode memory. Additionally, a separate out-of-bounds vulnerability, CVE-2025-55681, was identified, enabling local attackers to escalate privileges to SYSTEM on affected Windows systems, impacting Windows 10 and 11.

ThreatCluster AI

Community

Browse all →