Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft security patch release for CVE-2026-20805

Security Patch Release
First reported
Last updated
Happening score
H score 42
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft released January 2026 security updates for Windows and supported software, fixing at least 113 vulnerabilities and 8 critical flaws. The release includes CVE-2026-20805, an actively exploited zero-day in Desktop Window Manager (DWM) that can help attackers bypass ASLR and chain into code execution. It also covers critical Microsoft Office RCE bugs and a Secure Boot bypass, making rapid deployment important across supported Windows systems.

Related Happenings

Microsoft releases RoguePlanet Defender security update for CVE-2026-50656

Security Patch Release
H score32 First: 17.06.2026 20:36 Last: 17.06.2026 20:36 Sources 1

About this happening: **Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...

Latest development: 09.07.2026 11:48

Microsoft released security updates for CVE-2026-50656, remediating the RoguePlanet privilege-escalation flaw in Microsoft Malware Protection Engine (mpengine.dll) with version 1.1.26060.3008 and additional defense-in-depth updates. Microsoft said no customer action is required to install the update.

Microsoft Office launch disruption after June 2026 Windows updates

Service Disruption
H score0 First: 17.06.2026 14:54 Last: 17.06.2026 14:54 Sources 1

About this happening: Microsoft is investigating a **Windows update-related disruption** that can stop **third-party applications** from launching **Word, Excel, PowerPoint, Access** or opening documen...

ESET analysis of SprySOCKS Windows variants adds IOC-backed detection guidance

Technical Analysis
H score34 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **ESET** identified previously undocumented **Windows variants** of **SprySOCKS**, a backdoor attributed to **FishMonger** and linked to **I-Soon**. The **WIN_DRV** and **WIN_PLUS...

Microsoft security patch release for CVE-2026-42824

Security Patch Release
H score30 First: 15.06.2026 16:00 Last: 15.06.2026 16:00 Sources 1

About this happening: Microsoft's **fix for SearchLeak** in **Microsoft 365 Copilot Enterprise** closed a **critical** flaw tied to **CVE-2026-42824** that could expose **mailbox, OneDrive, and SharePo...

Microsoft security patch release for CVE-2026-42897

Security Patch Release
H score44 First: 10.06.2026 16:44 Last: 10.06.2026 16:44 Sources 1

About this happening: **Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...

Timeline

  1. 14.01.2026 02:47 2 articles · 5mo ago

    Microsoft January 2026 Windows patch release with exploited DWM zero-day

    Initial Disclosure

    Microsoft issued January 2026 security updates for Windows and supported software, fixing at least 113 vulnerabilities and 8 critical flaws while warning that CVE-2026-20805 in Desktop Window Manager (DWM) is already being exploited in the wild. The release also includes Microsoft Office remote code execution bugs triggered through the Preview Pane, removal of legacy modem drivers tied to CVE-2023-31096, and remediation for the Windows Secure Boot bypass CVE-2026-21265 across supported Windows systems.

    Show sources