Microsoft has released its first Patch Tuesday of 2026, addressing 114 security flaws in Windows. Eight of these are rated critical, and 106 are important.
Of particular concern is CVE-2026-20805, an information disclosure flaw in Desktop Windows Manager. This flaw has already been exploited in the wild, though Microsoft has not disclosed which group is behind the attacks. The vulnerability could allow an attacker to access sensitive information locally.
Other notable fixes include CVE-2026-21265, which lets attackers bypass firmware security checks, potentially allowing malware to run during system boot. Another, CVE-2026-20876, grants attackers Virtual Trust Level 2 privileges, enabling them to evade detection and maintain persistence even after the system restarts.
The update also fixes 58 privilege escalation flaws, 22 information disclosure flaws, 21 remote code execution flaws, and 5 spoofing vulnerabilities.
Microsoft advises users to install these updates immediately to protect their systems. Keeping Windows Defender active and running regular scans is also recommended.
Experts suggest pairing Defender with a reputable antivirus suite for added protection, as well as exercising caution online. Avoid clicking on unknown links or attachments, and be wary of phishing attempts.
Patch Tuesday updates are critical for Windows security. Users should update their devices without delay to reduce the risk of cyberattacks.