Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild - CyberSecurityNews

Home Cyber Security News Microsoft Desktop Window Manager 0-Day Vulnerability Exploited in the wild Microsoft patched a critical zero-day information disclosure flaw in its Desktop Window Manager (DWM) on January 13, 2026, in the Patch Tuesday update after detecting active exploitation in the wild. Tracked as CVE-2026-20805, the vulnerability allows low-privilege local attackers to expose sensitive user-mode memory, specifically section addresses, via remote ALPC ports. This could aid further privilege escalation chains in real-world attacks, prompting urgent patch deployment across legacy Windows systems. The flaw earned an “Important” severity rating with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). While not remotely exploitable, its low complexity and lack of user interaction make it a prime target for malware or post-compromise operations. Microsoft Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) confirmed exploitation but noted no public proof-of-concept exists yet. Attackers exploit DWM, a core compositing engine handling window rendering, to leak memory addresses. This disclosure could reveal kernel pointers or process data, facilitating bypasses of mitigations like ASLR. Microsoft credits internal teams for discovery via coordinated disclosure. Affected Platforms and Patches The vulnerability impacts older Windows versions still in extended support. Administrators must prioritize updates, as Microsoft deems them “Required.” Platform KB Article Build Number Download Link Windows 10 v1809 (x64/32-bit) KB5073723 10.0.17763.8276 Catalog Windows Server 2012 R2 (Core/Full) KB5073696 6.3.9600.22968 Catalog Windows Server 2012 (Core/Full) KB5073698 6.2.9200.25868 Catalog Windows Server 2016 (Core/Full) KB5073722 10.0.14393.8783 Catalog Check the MSRC Update for full lifecycle details. In the interim, restrict local low-privilege accounts and monitor DWM processes via EDR tools. This patch wave underscores ongoing risks in legacy DWM components amid rising local privilege escalation tactics. Organizations on unsupported builds face heightened exposure. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials Cyber Security News Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories Cyber Security News New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues Top 10 Essential E-Signature Solutions for Cybersecurity in 2026 January 31, 2026 Top 10 Best Data Removal Services In 2026 January 29, 2026 Best VPN Services of 2026: Fast, Secure & Affordable January 26, 2026 Top 10 Best Data Security Companies in 2026 January 23, 2026 Top 15 Best Ethical Hacking Tools – 2026 January 15, 2026