Microsoft security patch release for CVE-2026-20805
Security Patch Release
Summary
Microsoft released January 2026 security updates for Windows and supported software, fixing at least 113 vulnerabilities and 8 critical flaws. The release includes CVE-2026-20805, an actively exploited zero-day in Desktop Window Manager (DWM) that can help attackers bypass ASLR and chain into code execution. It also covers critical Microsoft Office RCE bugs and a Secure Boot bypass, making rapid deployment important across supported Windows systems.
Related Happenings
Pretalx version 2026.1.0 security update for CVE-2026-41241
Security Patch Release
First: 27.05.2026 17:30
Last: 27.05.2026 17:30
Sources 1
About this happening:
**Pretalx** released **version 2026.1.0** to patch **CVE-2026-41241**, a **stored XSS** flaw that could compromise organizer accounts in conference deployments. The update closes...
Microsoft security patch release for CVE-2026-45659
Security Patch Release
First: 26.05.2026 14:49
Last: 26.05.2026 14:49
Sources 1
About this happening:
Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Ghost CMS CVE-2026-26980 ClickFix campaign
Campaign
First: 24.05.2026 17:12
Last: 24.05.2026 17:12
Sources 1
About this happening:
A **large-scale campaign** is exploiting **CVE-2026-26980** in **Ghost CMS** to plant malicious JavaScript and drive **ClickFix** lure pages, putting exposed sites and their visit...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
First: 20.05.2026 10:31
Last: 20.05.2026 10:31
Sources 1
About this happening:
Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Timeline
- 14.01.2026 02:47 · 2 articles · 4mo ago
Microsoft January 2026 Windows patch release with exploited DWM zero-day
Initial Disclosure
Microsoft issued January 2026 security updates for Windows and supported software, fixing at least 113 vulnerabilities and 8 critical flaws while warning that CVE-2026-20805 in Desktop Window Manager (DWM) is already being exploited in the wild. The release also includes Microsoft Office remote code execution bugs triggered through the Preview Pane, removal of legacy modem drivers tied to CVE-2023-31096, and remediation for the Windows Secure Boot bypass CVE-2026-21265 across supported Windows systems.
- Patch Tuesday, January 2026 Edition — krebsonsecurity.com — 14.01.2026 02:47