Microsoft has disclosed a critical information disclosure vulnerability in the Desktop Window Manager that threat actors are actively exploiting.
The vulnerability, tracked as CVE-2026-20805, was publicly released on January 13, 2026, and allows authenticated local attackers to access sensitive information without user interaction.
The vulnerability exists in Microsoft’s Desktop Window Manager, a core system service responsible for managing visual effects and window rendering in Windows.
By exploiting this flaw, attackers with local access can read confidential data from system memory, potentially exposing authentication credentials, encryption keys, and other sensitive information.
| Field | Details |
|---|---|
| CVE ID | CVE-2026-20805 |
| Component | Desktop Window Manager |
| Vulnerability Type | Information Disclosure |
The attack requires low-privilege access and no user interaction, making it a significant security concern for enterprise and consumer environments.
The active exploitation of this zero-day vulnerability underscores the need for immediate remediation.
Organizations should prioritize patching systems running vulnerable versions of the Desktop Window Manager.
The vulnerability’s requirement for local access suggests targeted attacks against specific organisations or high-value targets rather than widespread internet-based exploitation, as reported by Microsoft.
However, systems compromised through other means or vulnerable to privilege escalation attacks remain at significant risk.
Security teams are recommended to monitor for suspicious Desktop Window Manager process activity, unusual memory access patterns, and unauthorized credential usage that may indicate successful exploitation.
A security update addressing this vulnerability is expected from Microsoft imminently.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.