On January 14, Microsoft released its January Security Update, addressing 112 security vulnerabilities across various products, such as Windows, Microsoft Office, SQL Server, and Azure. The update includes critical vulnerabilities classified as high-risk, particularly the Desktop Window Manager Information Disclosure Vulnerability (CVE-2026-20805), which has already been exploited in the wild.<\/p>\n
Desktop Window Manager Information Disclosure Vulnerability (CVE-2026-20805)<\/strong>:<\/p>\n Microsoft Office Remote Code Execution Vulnerabilities (CVE-2026-20952\/CVE-2026-20953)<\/strong>:<\/p>\n Microsoft Excel Remote Code Execution Vulnerabilities (CVE-2026-20955\/CVE-2026-20957)<\/strong>:<\/p>\n Microsoft Word Remote Code Execution Vulnerability (CVE-2026-20944)<\/strong>:<\/p>\n Windows LSASS Remote Code Execution Vulnerability (CVE-2026-20854)<\/strong>:<\/p>\n Windows NTFS Remote Code Execution Vulnerability (CVE-2026-20840)<\/strong>:<\/p>\n Windows Graphics Component Privilege Escalation Vulnerability (CVE-2026-20822)<\/strong>:<\/p>\n VBS Enclave Privilege Escalation Vulnerability (CVE-2026-20876)<\/strong>:<\/p>\n\n
\n
\n
\n
\n
\n
\n
\n
Mitigation:<\/h3>\n