Microsoft has recorded CVE-2026-20876, a Virtualization‑Based Security (VBS) enclave vulnerability that it classifies as an elevation‑of‑privilege risk, and has published an Update Guide entry directing administrators to map the CVE to specific KBs and apply vendor fixes immediately...
Microsoft has recorded CVE‑2026‑20869 as an elevation‑of‑privilege vulnerability in the Windows Local Session Manager (LSM) component; the advisory is published in Microsoft’s Security Update Guide but key technical details and per‑SKU KB mappings are rendered through an interactive MSRC page...
A newly recorded elevation‑of‑privilege vulnerability, tracked as CVE‑2026‑20864, affects the Windows Connected Devices Platform Service (Cdpsvc) and was included in Microsoft’s January 2026 security rollup; administrators should treat this as a high‑priority local privilege escalation risk and...
Microsoft has recorded a new elevation-of-privilege entry tied to the Windows Cloud Files Mini Filter Driver — CVE-2026-20857 — and enterprise defenders must treat this class of kernel-mode bug as high priority: the Cloud Files mini-filter (cldflt.sys) sits at the privileged user→kernel boundary...
Microsoft’s Security Update Guide lists a new Windows kernel vulnerability, CVE‑2026‑20860, in the Windows Ancillary Function Driver for WinSock (afd.sys) that Microsoft categorizes as an elevation‑of‑privilege (EoP) issue; the vendor has published an Update Guide entry and a security update...
Microsoft’s Security Response Center has recorded CVE‑2026‑20859 as a Windows kernel‑mode driver elevation of privilege vulnerability that administrators must treat as a high‑priority operational risk while they confirm exact build mappings and deploy vendor fixes. The vendor’s public advisory...
Microsoft’s Security Update Guide lists CVE-2026-20851 as an information‑disclosure vulnerability in the Capability Access Management Service (camsvc), but the vendor’s interactive advisory does not expose per‑SKU KB mappings or low‑level technical details via a simple fetch — defenders must...
Microsoft’s entry for CVE‑2026‑20847 in the Security Update Guide confirms a Windows File Explorer vulnerability that allows an attacker to perform spoofing—presenting misleading UI or network endpoints to a user or the system—and the vendor’s published “confidence” metric is central to how...
Microsoft’s Security Update Guide now records CVE‑2026‑20842 as an elevation‑of‑privilege flaw in the Desktop Window Manager (DWM) Core Library, but the vendor’s published record offers limited technical detail; administrators should treat the entry as a confirmed, high‑value local EoP and move...
Microsoft has removed the legacy Agere soft‑modem drivers agrsm64.sys and agrsm.sys from current Windows images in the January 13, 2026 cumulative update, citing unresolved elevation‑of‑privilege risk tied to a historically tracked vulnerability (CVE‑2023‑31096); the practical outcome is that...
Microsoft’s Security Update Guide records a recently assigned identifier, CVE-2026-20844, described as a Windows Clipboard Server Elevation of Privilege vulnerability — an advisory that demands immediate attention from Windows administrators, security operators, and IT teams responsible for...
Microsoft’s advisory record for CVE-2026-20840 lists a remote code-execution issue affecting the Windows NTFS stack and attaches Microsoft’s standard “report confidence” metadata to the entry — a signal designed to tell defenders how certain Microsoft is about the problem and how much technical...
Microsoft has recorded CVE‑2026‑20827 — an information disclosure vulnerability in the Tablet Windows User Interface (TWINUI) subsystem — and it is included in the vendor’s Update Guide as part of the January 2026 security rollup, meaning administrators and power users should treat this as an...
Microsoft’s advisory for CVE-2026-20831 identifies a kernel-level elevation-of-privilege issue in the Windows Ancillary Function Driver for WinSock (afd.sys) that enables an authenticated local user to escalate to SYSTEM on affected builds — administrators should treat the vendor update as...
A terse entry in Microsoft’s Security Update Guide has drawn renewed attention to the fragile boundary between the Trusted Platform Module (TPM) ecosystem and the isolated “trustlet” processes that help Windows implement Virtualization‑Based Security. The item—tracked as CVE‑2026‑20829—was...
Microsoft’s public records and independent trackers do not show a readily verifiable advisory for a CVE numbered CVE‑2026‑20828 tied to rndismp6.sys, and the component historically associated with RNDIS/Windows Mobile networking (rndismp6.sys) was the subject of two Microsoft‑published CVEs in...
Microsoft has added CVE-2026-20824 to its Security Update Guide: a protection-mechanism failure in Windows Remote Assistance that Microsoft describes as a security feature bypass allowing a local, unauthorized attacker to circumvent a protection mechanism on affected systems. The entry appeared...
Microsoft’s advisory for CVE-2026-20826 identifies an information-disclosure flaw in the Tablet Windows User Interface (TWINUI) subsystem — a privileged component that touches user-facing composition and UI surfaces — and scores the vendor’s confidence in the report as an operationally important...
Microsoft has confirmed an information‑disclosure vulnerability in the Windows Remote Procedure Call (RPC) subsystem, tracked as CVE‑2026‑20821, that can allow a local, unauthorized actor to obtain sensitive memory or system information when the vulnerable RPC runtime is invoked. Background...
Microsoft’s Security Update Guide lists CVE-2026-20817 as a Windows Error Reporting vulnerability that can be abused by an authorized local attacker to elevate privileges on a host, and this advisory should be treated as an urgent patch-and-hunt item for any organization that wants to avoid...