Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

Posted on By CWS

Microsoft’s first spherical of Patch Tuesday updates for 2026 addresses 112 vulnerabilities, together with a zero-day that has been actively exploited in assaults. 

The exploited vulnerability is tracked as CVE-2026-20805 and it has been described by Microsoft as an important-severity info disclosure difficulty within the Desktop Home windows Supervisor part of Home windows. 

“Publicity of delicate info to an unauthorized actor in Desktop Home windows Supervisor permits a certified attacker to reveal info domestically,” Microsoft stated in its advisory, including, “The kind of info that may very well be disclosed if an attacker efficiently exploited this vulnerability is a bit deal with from a distant ALPC port which is user-mode reminiscence.”

CVE-2026-20805 was found by Microsoft’s personal researchers, however the tech large doesn’t seem to have shared any info on the assaults exploiting the zero-day.

Development Micro’s ZDI believes menace actors have doubtless exploited the flaw in focused assaults, as a part of an exploit chain the place the deal with obtained on account of CVE-2026-20805’s exploitation is helpful for reaching arbitrary code execution. 

“This exhibits how reminiscence leaks might be as essential as code execution bugs since they make the RCEs dependable,” famous ZDI’s Dustin Childs.Commercial. Scroll to proceed studying.

Two Home windows vulnerabilities patched this month have been disclosed publicly earlier than the fixes turned out there: CVE-2026-21265 (Safe Boot bypass) and CVE-2023-31096 (privilege escalation).

Based mostly on Microsoft’s evaluation, solely the latter is ‘extra doubtless’ to be exploited within the wild.

Eight Home windows and Workplace vulnerabilities patched this month have been assigned a essential severity score. A majority might be exploited for distant code execution, and a pair for privilege escalation. 

Along with Home windows and Workplace functions, Microsoft has resolved vulnerabilities in Azure and SharePoint. 

Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Associated: Microsoft Patches Actively Exploited Home windows Kernel Zero-Day

Associated: Microsoft Bug Bounty Program Expanded to Third-Social gathering Code

Security Week News Tags:, , , , ,

Related Posts

Ad and PR Giant Dentsu Says Hackers Stole Merkle Data Ad and PR Giant Dentsu Says Hackers Stole Merkle Data Security Week News
LastPass Users Targeted With Backup-Themed Phishing Emails LastPass Users Targeted With Backup-Themed Phishing Emails Security Week News
AI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak Points AI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak Points Security Week News
Iranian Hackers Target Defense and Government Officials in Ongoing Campaign Iranian Hackers Target Defense and Government Officials in Ongoing Campaign Security Week News
Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking Security Week News
Resemble AI Raises Million for AI Threat Detection Resemble AI Raises $13 Million for AI Threat Detection Security Week News