Tech »  Topic »  Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

11 hours ago   theregister.co.uk

Microsoft and Uncle Sam have warned that a Windows bug disclosed today is already under attack.

The flaw, tracked as CVE-2026-20805 and discovered by Microsoft's own threat intel team, allows an authorized attacker to leak a memory address from a remote ALPC port.

"Presumably, threat actors would then use the address in the next stage of their exploit chain – probably gaining arbitrary code execution," according to Trend Micro's Zero Day Initiative Head of Threat Awareness Dustin Childs' analysis.

It's a medium-severity flaw, earning a 5.5 CVSS rating.

Shortly after Redmond pushed a patch, the US Cybersecurity and Infrastructure Security Agency added CVE-2026-20805 to its Known Exploited Vulnerabilities catalog, a step that means federal agencies must implement the fix by February 3. "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," the feds warned.

While ...


Copyright of this story solely belongs to theregister.co.uk . To see the full text click HERE