January 2026 – Page 6 – TheWindowsUpdate.com

CVE-2026-20918 Windows Management Services Elevation of Privilege Vulnerability

Posted on January 13, 2026 by Syndicated News — No Comments ↓

Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20918 Windows Management Services Elevation of Privilege Vulnerability→

Posted on January 13, 2026 by Syndicated News — No Comments ↓

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. Continue reading CVE-2026-20939 Windows File Explorer Information Disclosure Vulnerability→

Posted on January 13, 2026 by Syndicated News — No Comments ↓

Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20877 Windows Management Services Elevation of Privilege Vulnerability→

Posted on January 13, 2026 by Syndicated News — No Comments ↓

Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. Continue reading CVE-2026-20936 Windows NDIS Information Disclosure Vulnerability→

Posted on January 13, 2026 by Syndicated News — No Comments ↓

Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. Continue reading CVE-2026-20876 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability→

Posted on January 13, 2026 by Syndicated News — No Comments ↓

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. Continue reading CVE-2026-20931 Windows Telephony Service Elevation of Privilege Vulnerability→

Posted on January 13, 2026 by Syndicated News — No Comments ↓

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. Continue reading CVE-2026-20875 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability→

Posted on January 13, 2026 by Syndicated News — No Comments ↓

Microsoft is aware of vulnerabilities in the third party Motorola Soft Modem drivers that ships natively with supported Windows operating systems.

This is an announcement of the upcoming removal of smserl64.sys and smserial.sys drivers. The drivers h… Continue reading CVE-2024-55414 Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability→