CVE-2026-20805

Warnung

Medienbericht

EPSS 6.27%
Veröffentlicht 13.01.2026 17:56:08
Zuletzt bearbeitet 14.01.2026 13:44:31
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 1607 HwPlatformx64 Version < 10.0.14393.8783

Microsoft ≫ Windows 10 1607 HwPlatformx86 Version < 10.0.14393.8783

Microsoft ≫ Windows 10 1809 HwPlatformx64 Version < 10.0.17763.8276

Microsoft ≫ Windows 10 1809 HwPlatformx86 Version < 10.0.17763.8276

Microsoft ≫ Windows 10 21h2 Version < 10.0.19044.6809

Microsoft ≫ Windows 10 22h2 Version < 10.0.19045.6809

Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.6491

Microsoft ≫ Windows 11 24h2 Version < 10.0.26100.7623

Microsoft ≫ Windows 11 25h2 Version < 10.0.26200.7623

Microsoft ≫ Windows Server 2012 Version-

Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ Windows Server 2016 Version < 10.0.14393.8783

Microsoft ≫ Windows Server 2019 Version < 10.0.17763.8276

Microsoft ≫ Windows Server 2022 Version < 10.0.20348.4648

Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.2092

Microsoft ≫ Windows Server 2025 Version < 10.0.26100.7623

13.01.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Information Disclosure Vulnerability

Schwachstelle

Microsoft Windows contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.27%	0.907

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.heise.de/news/Windows-Update-Nebenwirkungen-Verbindungsfehler-mit-Windows-365-11141640.html

Medienbericht

heise Security

15.01.2026 08:55

https://www.heise.de/news/Patchday-Microsoft-Angreifer-spionieren-Speicherbereiche-in-Windows-aus-11140152.html

Medienbericht

heise Security

14.01.2026 09:40

https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/

Medienbericht

Krebs on Security

14.01.2026 07:55

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20805

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2026-20805

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-20805

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-20805

EUVD