—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Microsoft Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: High

Software Affected

Microsoft Office

Windows

Extended Security Updates (ESU)

Azure

Developer Tools

SQL Server

Overview

Multiple vulnerabilities have been reported in Microsoft Products which could allow an attacker to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, perform spoofing attacks or cause denial of service conditions on the targeted system.

Target Audience:

Individuals and IT administrators, security teams responsible for maintaining and updating Microsoft products.

Risk Assessment:

Risk of remote code execution, system instability or sensitive information disclosure.

Impact Assessment:

Potential compromise of system, exfiltration of data, ransomware attacks or system crashes.

Description

Multiple vulnerabilities have been reported in Microsoft Products which could allow an attacker to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, perform spoofing attacks or cause denial of service conditions on the targeted system.

An information disclosure vulnerability (CVE-2026-20805) exists in the Windows Desktop Window Manager (DWM). An authenticated local attacker could exploit this vulnerability to gain access to sensitive information.

Note: This vulnerability (CVE-2026-20805) is being exploited in the wild. Users are advised to apply patches immediately.

For complete list of affected products, CVEs, workarounds and solutions, refer to the Microsoft security updates.

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan

Solution

Apply the security updates released by Microsoft:  

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmlnsW8ACgkQ3jCgcSdc

ys8AVQ//cbodlrHcC0buO/07tkx2PQ3r543lLkoq52KSNIM6T5AwOL1YhxXIbMOX

LShJj/39tfz1SQ7lvan3Sg9ehluSyoxSSQOhal4LvnOtlGDMi5dFq+8r24tyI7M7

RzlWcZ1xRIiNxhUdIpbE/bLVTLOJMuwOPHtHhhJP20l2rK7nN4Hef/QCRQXqjYWn

pivvSqhZgAeZoHflTkZrQad/nSi8v3oV+P/vmDNqxdyzRJ66kz7g6I1D1+D2w9gV

HFeZTvCC/ROcTZFYpxom1P9gUfsOkJTPACgu586oAA9vByR0YG/pHl2ElLNCkR50

YY8S/Iq4YTEN8VWvrvJSyPmPebi4PLzwY/Hbnes7JzXUKmF7r7EIVXTjLYBkmZmH

gsHZL0jsOP5jxDh+2dOdxtD+iQfqw26cOCXPhNC3h7B1Qv6FfLiz4GGVc0LmPt4Y

edz93Bwq2f7RTBUxQD6Z0ev6IFaZR8vh0LTXmX7RPFweyZwpnRQ2ViMCPWsrnUyy

eyFacEyvq4JLb1NuebbFSRkXoIGLw36ZziIFoQNlMrbDkXogmfcvGPB0GGx5JH0y

24dBk8BBTTIW2iWSlGhNubbyH7W9jErM6qMAcPP9cuateeBBogQ1BmXW35dXCjJo

NH4VcUghQkMs/edOM8dfQU+h7Fp0ZmglvHNw0VJRtZ2LqhVog34=

=edbc

—–END PGP SIGNATURE—–