Microsoft has assigned CVE-2026-20854 to a newly disclosed vulnerability in the Windows Local Security Authority Subsystem Service (LSASS) that Microsoft and several security vendors classify as a critical remote code execution risk; the flaw was included in the January 2026 Patch Tuesday...
