Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Desktop Window Manager actively exploited information disclosure (CVE-2026-20805)

Vulnerability
First reported
Last updated
Happening score
H score 43
2 unique sources, 2 articles

Summary

Hide ▲

Microsoft patched CVE-2026-20805, an actively exploited information disclosure flaw in Desktop Window Manager that can expose sensitive memory information locally. The bug lets an authorized attacker disclose information through a remote ALPC port, including memory addresses and a section address from user-mode memory. The fix is part of January 2026 Patch Tuesday, making the issue important for systems that rely on Windows desktop components.

Related Happenings

Microsoft Edge stops loading saved passwords into cleartext memory at startup

Security Tool/Service
First: 15.05.2026 17:49 Last: 15.05.2026 17:49 Sources 1

About this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...

Open Happening

Windows 11 BitLocker bypass YellowKey security flaw

Vulnerability
First: 14.05.2026 10:27 Last: 14.05.2026 10:27 Sources 1

About this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...

Latest development: 20.05.2026 10:31

Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.

Open Happening

Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale

Security Tool/Service
First: 13.05.2026 16:46 Last: 13.05.2026 16:46 Sources 1

About this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....

Open Happening

Windows RPC PhantomRPC local privilege escalation flaw

Vulnerability
First: 28.04.2026 14:31 Last: 28.04.2026 14:31 Sources 1

About this happening: **PhantomRPC** in **Windows RPC** can let a local attacker elevate to **System** across **all Windows versions**, creating a high-impact privilege-escalation path. The flaw abuses...

Open Happening

Microsoft Windows RDP security warning dialog rendering issue after April 2026 updates

Security Tool/Service
First: 28.04.2026 12:51 Last: 28.04.2026 12:51 Sources 1

About this happening: **Microsoft** confirmed that newly introduced **Windows security warnings** for opening **Remote Desktop (.rdp) files** can display incorrectly, reducing users' ability to review...

Open Happening

Timeline

  1. 13.01.2026 20:34 3 articles · 4mo ago

    Microsoft discloses CVE-2026-20805 in Desktop Window Manager

    Initial Disclosure

    Microsoft's January 2026 Patch Tuesday includes CVE-2026-20805, an actively exploited information disclosure flaw in Desktop Window Manager that can let an authorized attacker disclose information locally and read memory addresses associated with a remote ALPC port, including a section address from user-mode memory; the fix is included in the January 2026 cumulative update.

    Show sources
    Open in new tab