CVE-2026-20805: Microsoft Fixes Actively Exploited Windows Desktop Manager Zero-Day

Microsoft’s January 2026 Patch Tuesday fixes 112–114 vulnerabilities across Windows and related products and highlights an actively exploited zero-day, CVE-2026-20805, an information-disclosure flaw in the Windows Desktop Window Manager that can expose protected memory to a locally authenticated attacker; CISA added this CVE to its Known Exploited Vulnerabilities catalog and federal agencies are required to patch by February 3, 2026. The report urges immediate remediation and points to detection intelligence resources for defenders.