

Ethical Hacking News

Microsoft Addresses 114 Windows Vulnerabilities in January 2026 Patch, One Actively Exploited



Microsoft has addressed 114 Windows vulnerabilities in its first security update for 2026, including one actively exploited flaw that allows attackers to disclose sensitive information. The update includes patches for multiple privilege escalation and remote code execution flaws, as well as a security feature bypass impacting Secure Boot Certificate Expiration. Prompt patching is essential to maintain trust in Windows security boundaries.

  • Microsoft has released its first security update for 2026, addressing 114 security flaws in Windows.
  • The update includes patches for 58 privilege escalation vulnerabilities, among others.
  • An actively exploited vulnerability, CVE-2026-20805, impacts Desktop Window Manager (DWM) and allows local attackers to disclose information.
  • Another notable vulnerability is CVE-2026-21265, a security feature bypass impacting Secure Boot Certificate Expiration.
  • Microsoft removed Agere Soft Modem drivers due to a two-year-old privilege escalation flaw.
  • CVE-2026-20876 is another critical-rated privilege escalation flaw in Windows Virtualization-Based Security (VBS) Enclave.



    Microsoft has released its first security update for 2026, addressing a total of 114 security flaws in Windows. Among these, eight are rated Critical, and 106 are rated Important in severity. The update includes patches for 58 vulnerabilities classified as privilege escalation, followed by 22 information disclosure, 21 remote code execution, and five spoofing flaws.

    The vulnerability that has been actively exploited in the wild is CVE-2026-20805, an information disclosure flaw impacting Desktop Window Manager (DWM). This vulnerability allows a locally authenticated attacker to disclose information and defeat address space layout randomization (ASLR) and other defenses. The Microsoft Threat Intelligence Center (MTIC) and Microsoft Security Response Center (MSRC) have been credited with identifying and reporting the flaw.

    "Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager (DWM) allows an authorized attacker to disclose information locally," Microsoft said in an advisory. "The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a section address from a remote ALPC port, which is user-mode memory."

    Another vulnerability worth noting is CVE-2026-21265, a security feature bypass impacting Secure Boot Certificate Expiration. This vulnerability could allow an attacker to undermine a crucial security mechanism that ensures that firmware modules come from a trusted source and prevents malware from being run during the boot process.

    In November 2025, Microsoft announced that it would be expiring three Windows Secure Boot certificates issued in 2011, effective June 2026. The company urged customers to update their certificates to the 2023 counterparts before the deadline. Additionally, Microsoft removed Agere Soft Modem drivers "agrsm64.sys" and "agrsm.sys" from the operating system due to a two-year-old local privilege escalation flaw (CVE-2023-31096, CVSS score: 7.8) that could allow an attacker to gain SYSTEM permissions.

    Furthermore, CVE-2026-20876 is another critical-rated privilege escalation flaw in Windows Virtualization-Based Security (VBS) Enclave. This vulnerability enables an attacker to obtain Virtual Trust Level 2 (VTL2) privileges and leverage them to subvert security controls, establish deep persistence, and evade detection.

    "The impact is severe because it compromises virtualization-based security itself," said Mike Walters, president and co-founder of Action1. "Although exploitation requires high privileges, the compromise of Windows itself allows attackers to climb into one of the most trusted execution layers of the system."

    The update also removes Agere Modem driver "ltmdm64.sys" following in-the-wild exploitation of a privilege escalation vulnerability (CVE-2025-24990, CVSS score: 7.8) that could permit an attacker to gain administrative privileges.

    In addition to Microsoft, security updates have been released by other vendors since the start of the month to rectify several vulnerabilities.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Microsoft-Addresses-114-Windows-Vulnerabilities-in-January-2026-Patch-One-Actively-Exploited-ehn.shtml

  • Published: Wed Jan 14 05:18:00 2026 by llama3.2 3B Q4_K_M












