Microsoft started 2026 by releasing security fixes for 112 different problems. But one of these issues is already being used by hackers to attack people right now, which makes it the most dangerous one. This is the first Patch Tuesday update of the year.
While fixing 112 security problems is good news, there’s one specific issue you need to worry about immediately. According to Cyberscoop, it’s called CVE-2026-20805, and it affects the Desktop Window Manager. This flaw lets hackers access private information, and experts rate it 5.5 out of 10 for severity.
Because attackers are already using it, the Cybersecurity and Infrastructure Security Agency added it to their list of dangerous threats this week.
Information disclosure bugs might not sound as scary as other types of attacks, but they’re still very serious. This kind of flaw lets hackers see sensitive memory details from your computer.
This memory leak makes future attacks much easier to pull off
The attacker needs to already have some access to your system to use this flaw, but the information they can steal helps them launch much worse attacks later. Security experts are warning that hackers can use this leaked memory information to make their next attacks work better.
This is bad news for computer security. The leaked memory can break through existing security protections. This zero-day flaw makes multi-stage attacks much more likely to succeed. Hackers often combine these leaked memory details with other security holes to gain higher access levels or steal data, which can lead to complete system takeovers, serious legal problems, and damaged reputation.
Microsoft hasn’t said how many attacks have used this specific zero-day. However, the Desktop Window Manager has had security problems before. This component has needed 20 security fixes since 2022. But this is the first time hackers have actually exploited an information disclosure bug in this part of Windows. Usually, attackers use this component to gain more control after they’ve already gotten into a system.
There is some good news. This is the second month in a row that Microsoft hasn’t reported any critical vulnerabilities. However, the total number of fixes is still high, with over 110 problems patched for the second January in a row.
Besides the zero-day that’s already being exploited, there are other serious flaws you need to patch. The updates fixed problems in many Microsoft products, including SharePoint, Windows Routing and Remote Access Service, Microsoft Office, and Microsoft Word. Microsoft specifically warned that eight of this month’s vulnerabilities are more likely to be exploited than others.
Each of these eight problems has a severity rating of 7.8, so they’re very serious. You should install these security updates right away. You can see the complete list of fixes on Microsoft’s Security Response Center website.
Published: Jan 14, 2026 06:45 pm