Microsoft security patch release for CVE-2026-20805
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft released January 2026 security updates for Windows and supported software, fixing at least 113 vulnerabilities and 8 critical flaws. The release includes CVE-2026-20805, an actively exploited zero-day in Desktop Window Manager (DWM) that can help attackers bypass ASLR and chain into code execution. It also covers critical Microsoft Office RCE bugs and a Secure Boot bypass, making rapid deployment important across supported Windows systems.
Related Happenings
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch Release
H score32
First: 17.06.2026 20:36
Last: 17.06.2026 20:36
Sources 1
About this happening:
**Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch ReleaseAbout this happening: **Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Latest development: 09.07.2026 11:48
Microsoft released security updates for CVE-2026-50656, remediating the RoguePlanet privilege-escalation flaw in Microsoft Malware Protection Engine (mpengine.dll) with version 1.1.26060.3008 and additional defense-in-depth updates. Microsoft said no customer action is required to install the update.
Microsoft Office launch disruption after June 2026 Windows updates
Service Disruption
H score0
First: 17.06.2026 14:54
Last: 17.06.2026 14:54
Sources 1
About this happening:
Microsoft is investigating a **Windows update-related disruption** that can stop **third-party applications** from launching **Word, Excel, PowerPoint, Access** or opening documen...
Microsoft Office launch disruption after June 2026 Windows updates
Service DisruptionAbout this happening: Microsoft is investigating a **Windows update-related disruption** that can stop **third-party applications** from launching **Word, Excel, PowerPoint, Access** or opening documen...
ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance
Technical Analysis
H score34
First: 16.06.2026 12:00
Last: 16.06.2026 12:00
Sources 1
About this happening:
**ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...
ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance
Technical AnalysisAbout this happening: **ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...
Microsoft security patch release for CVE-2026-42824
Security Patch Release
H score30
First: 15.06.2026 16:00
Last: 15.06.2026 16:00
Sources 1
About this happening:
Microsoft's **fix for SearchLeak** in **Microsoft 365 Copilot Enterprise** closed a **critical** flaw tied to **CVE-2026-42824** that could expose **mailbox, OneDrive, and SharePo...
Microsoft security patch release for CVE-2026-42824
Security Patch ReleaseAbout this happening: Microsoft's **fix for SearchLeak** in **Microsoft 365 Copilot Enterprise** closed a **critical** flaw tied to **CVE-2026-42824** that could expose **mailbox, OneDrive, and SharePo...
Microsoft security patch release for CVE-2026-42897
Security Patch Release
H score44
First: 10.06.2026 16:44
Last: 10.06.2026 16:44
Sources 1
About this happening:
**Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...
Microsoft security patch release for CVE-2026-42897
Security Patch ReleaseAbout this happening: **Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...
Timeline
-
14.01.2026 02:47 2 articles · 5mo ago
Microsoft January 2026 Windows patch release with exploited DWM zero-day
Initial DisclosureMicrosoft issued January 2026 security updates for Windows and supported software, fixing at least 113 vulnerabilities and 8 critical flaws while warning that CVE-2026-20805 in Desktop Window Manager (DWM) is already being exploited in the wild. The release also includes Microsoft Office remote code execution bugs triggered through the Preview Pane, removal of legacy modem drivers tied to CVE-2023-31096, and remediation for the Windows Secure Boot bypass CVE-2026-21265 across supported Windows systems.
Show sources
- Patch Tuesday, January 2026 Edition — krebsonsecurity.com — 14.01.2026 02:47
- Patch Tuesday, January 2026 Edition — krebsonsecurity.com — 14.01.2026 02:47