The CISA has added a vulnerability in Microsoft Windows, tracked as CVE-2026-20805 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities catalog. Released this week in the Microsoft Patch Tuesday security update, this CVE is a Windows Desktop Window Manager flaw that lets attackers leak small pieces of memory information that can help attackers bypass security protection and is being actively exploited in the wild.
Here’s some insights from Adrian Culley, Senior Sales Engineer for SafeBreach and OWASP contributor:
“This is a ‘detected in the wild’ zero day attack. There is no publicly disclosed code or PoC, yet. CVE-2026-20805 is an information disclosure vulnerability affecting Desktop Window Manager. It was assigned a CVSSv3 score of 5.5 and was rated as important. Successful exploitation allows an authenticated attacker to access sensitive data. According to Microsoft, this vulnerability was exploited in the wild as a zero-day. Since exploitation requires local access and privileges, remote exploitation is not feasible, reducing the attack surface.”
This link from Microsoft has more details on this, along with the list of applicable patches from Microsoft depending on which Microsoft OS you’re running. It’s worth a read as this is one that you want to make sure that you’re defended against. Even if it’s not remotely exploitable.
Related
This entry was posted on January 15, 2026 at 1:22 pm and is filed under Commentary with tags CISA, Microsoft. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Windows exploit catches the attention of the CISA
The CISA has added a vulnerability in Microsoft Windows, tracked as CVE-2026-20805 (CVSS Score of 8.7), to its Known Exploited Vulnerabilities catalog. Released this week in the Microsoft Patch Tuesday security update, this CVE is a Windows Desktop Window Manager flaw that lets attackers leak small pieces of memory information that can help attackers bypass security protection and is being actively exploited in the wild.
Here’s some insights from Adrian Culley, Senior Sales Engineer for SafeBreach and OWASP contributor:
“This is a ‘detected in the wild’ zero day attack. There is no publicly disclosed code or PoC, yet. CVE-2026-20805 is an information disclosure vulnerability affecting Desktop Window Manager. It was assigned a CVSSv3 score of 5.5 and was rated as important. Successful exploitation allows an authenticated attacker to access sensitive data. According to Microsoft, this vulnerability was exploited in the wild as a zero-day. Since exploitation requires local access and privileges, remote exploitation is not feasible, reducing the attack surface.”
This link from Microsoft has more details on this, along with the list of applicable patches from Microsoft depending on which Microsoft OS you’re running. It’s worth a read as this is one that you want to make sure that you’re defended against. Even if it’s not remotely exploitable.
Share this:
Like this:
Related
This entry was posted on January 15, 2026 at 1:22 pm and is filed under Commentary with tags CISA, Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.