Microsoft Monthly Security Update (January 2026)
RISK: Medium Risk
TYPE: Operating Systems - Windows OS
Microsoft has released its monthly security update for its products:
| Vulnerable Product | Risk Level | Impacts | Notes |
| --- | --- | --- | --- |
| Windows | Medium Risk | Information Disclosure, Security Restriction Bypass, Remote Code Execution, Data Manipulation, Elevation of Privilege, Spoofing, Denial of Service | CVE-2026-20805 is being exploited in the wild. This vulnerability exists in Desktop Window Manager. Successful exploitation of this vulnerability could allow an authorized attacker to disclose information locally. Hence, the risk level of this vulnerability is rated as Medium Risk. CVE-2026-21265 is considered publicly disclosed. This vulnerability exists in Windows Secure Boot. Microsoft certificates are stored in the Unified Extensible Firmware Interface Key Enrollment Key and DB. These certificates need to be updated to ensure that Secure Boot continues to function and to prevent future issues from arising. |
| Extended Security Updates (ESU) | Medium Risk | Security Restriction Bypass, Remote Code Execution, Information Disclosure, Elevation of Privilege, Spoofing, Denial of Service | CVE-2026-20805 is being exploited in the wild. This vulnerability exists in Desktop Window Manager. Successful exploitation of this vulnerability could allow an authorized attacker to disclose information locally. Hence, the risk level of this vulnerability is rated as Medium Risk. |
| SQL Server | Medium Risk | Elevation of Privilege | |
| Azure | Medium Risk | Elevation of Privilege, Remote Code Execution | |
| Microsoft Office | Medium Risk | Remote Code Execution, Spoofing, Security Restriction Bypass, Information Disclosure | |
| Developer Tools | Medium Risk | Remote Code Execution | |
| Browser | Low Risk | | |
| Open Source Software | Low Risk | | |
| Mariner | Low Risk | | |
Number of 'Extremely High Risk' product(s): 0
Number of 'High Risk' product(s): 0
Number of 'Medium Risk' product(s): 6
Number of 'Low Risk' product(s): 3
Evaluation of overall 'Risk Level': Medium Risk
Impact
- Remote Code Execution
- Denial of Service
- Information Disclosure
- Elevation of Privilege
- Spoofing
- Security Restriction Bypass
- Data Manipulation
System / Technologies affected
- Windows
- Extended Security Updates (ESU)
- SQL Server
- Azure
- Microsoft Office
- Developer Tools
- Browser
- Open Source Software
- Mariner
Solutions
Before installing the software, please visit the vendor website for more details.
- Apply fixes issued by the vendor.

