By Matt Kapko
Publication Date: 2026-01-13 22:35:00
Microsoft’s first security update of 2026 addressed 112 vulnerabilities affecting its products and underlying systems, including one actively exploited zero-day in Desktop Window Manager.
The company’s latest Patch Tuesday update marks the second consecutive month with no critical vulnerabilities disclosed. The batch of patches also contains more than 110 CVEs for the second January in a row.
The zero-day vulnerability — CVE-2026-20805 — is an information disclosure defect with a CVSS rating of 5.5 that can be exploited by an unauthorized attacker to expose sensitive information. The Cybersecurity and Infrastructure Security Agency added the defect to its known exploited vulnerabilities catalog Tuesday.
Information disclosure vulnerabilities are sporadically exploited in the wild, but not often, according to Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative. “This shows how memory leaks can be as important as code…
