Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities

Posted on By CWS

Microsoft’s first spherical of Patch Tuesday updates for 2026 addresses 112 vulnerabilities, together with a zero-day that has been actively exploited in assaults. 

The exploited vulnerability is tracked as CVE-2026-20805 and it has been described by Microsoft as an important-severity info disclosure difficulty within the Desktop Home windows Supervisor part of Home windows. 

“Publicity of delicate info to an unauthorized actor in Desktop Home windows Supervisor permits a certified attacker to reveal info domestically,” Microsoft stated in its advisory, including, “The kind of info that may very well be disclosed if an attacker efficiently exploited this vulnerability is a bit deal with from a distant ALPC port which is user-mode reminiscence.”

CVE-2026-20805 was found by Microsoft’s personal researchers, however the tech large doesn’t seem to have shared any info on the assaults exploiting the zero-day.

Development Micro’s ZDI believes menace actors have doubtless exploited the flaw in focused assaults, as a part of an exploit chain the place the deal with obtained on account of CVE-2026-20805’s exploitation is helpful for reaching arbitrary code execution. 

“This exhibits how reminiscence leaks might be as essential as code execution bugs since they make the RCEs dependable,” famous ZDI’s Dustin Childs.Commercial. Scroll to proceed studying.

Two Home windows vulnerabilities patched this month have been disclosed publicly earlier than the fixes turned out there: CVE-2026-21265 (Safe Boot bypass) and CVE-2023-31096 (privilege escalation).

Based mostly on Microsoft’s evaluation, solely the latter is ‘extra doubtless’ to be exploited within the wild.

Eight Home windows and Workplace vulnerabilities patched this month have been assigned a essential severity score. A majority might be exploited for distant code execution, and a pair for privilege escalation. 

Along with Home windows and Workplace functions, Microsoft has resolved vulnerabilities in Azure and SharePoint. 

Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Associated: Microsoft Patches Actively Exploited Home windows Kernel Zero-Day

Associated: Microsoft Bug Bounty Program Expanded to Third-Social gathering Code

Security Week News Tags:, , , , ,

Related Posts

European Space Agency Confirms Breach After Hacker Offers to Sell Data European Space Agency Confirms Breach After Hacker Offers to Sell Data Security Week News
Ivanti Releases Crucial Patches for Endpoint Manager Ivanti Releases Crucial Patches for Endpoint Manager Security Week News
Ex-WhatsApp Security Chief Sues Meta Over Vulnerabilities, Retaliation Ex-WhatsApp Security Chief Sues Meta Over Vulnerabilities, Retaliation Security Week News
Oracle’s First 2026 CPU Delivers 337 New Security Patches Oracle’s First 2026 CPU Delivers 337 New Security Patches Security Week News
Spanish Authorities Dismantle ‘GXC Team’ Crime-as-a-Service Operation Spanish Authorities Dismantle ‘GXC Team’ Crime-as-a-Service Operation Security Week News
Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk Security Week News