Microsoft has released crucial security updates as part of its January 2026 Patch Tuesday, addressing a significant zero-day vulnerability (CVE-2026-20805) within its Desktop Window Manager (DWM). This particular flaw, described as an information disclosure vulnerability, has been actively exploited in the wild, prompting urgent warnings from cybersecurity authorities. The vulnerability allows low-privilege local attackers to expose sensitive user-mode memory, specifically section addresses from remote ALPC ports. While not directly enabling remote code execution, this information disclosure can be a critical stepping stone in a broader attack chain, facilitating further privilege escalation by bypassing security mitigations like Address Space Layout Randomization (ASLR). Upon detection of active exploitation by Microsoft's Threat Intelligence Center and Security Response Center (MSTIC and MSRC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA) promptly added CVE-2026-20805 to its Known Exploited Vulnerabilities Catalog. This mandates federal agencies to apply the necessary patches by February 3, 2026, underscoring the severity and immediate risk posed by the flaw. The January 2026 Patch Tuesday update, including KB5073724 for Windows 10 ESU users, addresses a total of 113-114 vulnerabilities across various Microsoft products, with CVE-2026-20805 being one of three zero-days patched this month. Given the confirmed active exploitation, all Windows users, including those in India, are strongly advised to apply these security updates without delay to protect their systems from potential compromise.