Cyberpress
Microsoft Patches Critical DWM Vulnerabilities in January 2026
First seen 14 Jan 2026, 06:49 UTC
•

•79% similarity
•37.7
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
On January 13, 2026, Microsoft released a patch for a critical zero-day vulnerability in its Desktop Window Manager (DWM), tracked as CVE-2026-20805, which allowed local attackers to expose sensitive user-mode memory. Additionally, a separate out-of-bounds vulnerability, CVE-2025-55681, was identified, enabling local attackers to escalate privileges to SYSTEM on affected Windows systems, impacting Windows 10 and 11.
ThreatCluster AI