CERT-In says: Windows users, patch this new security flaw ASAP
India's cyber watchdog, CERT-In, just flagged a big security issue in Windows.
Disclosed in January 2026 and already being misused by hackers, this bug affects the Desktop Window Manager and could put your data at risk.
What's the deal with CVE-2026-20805?
This vulnerability lets attackers grab sensitive memory info from your device—no clicks needed.
If paired with other bugs, it could help them steal credentials or keys by dodging built-in security.
Who needs to worry—and what should you do?
If you're running Windows 10 (1607, 1809, 21H2, and 22H2), Windows 11 versions 23H2, 24H2, and 25H2, or several editions of Windows Server ranging from 2012 to 2025, you're in the danger zone.
Microsoft is urging everyone: update your system right away.
Why does it matter?
Leaving this unpatched makes your device an easy target for zero-day attacks and data leaks.
A quick update now can save a lot of trouble later—so don't wait!