
"One of the zero-days ( CVE-2026-20805), an information disclosure flaw in the Desktop Window Manager, is already under active exploitation. That prompted CISA to add it to the Known Exploited Vulnerabilities catalog with a remediation deadline of Feb. 3, 2026. Enterprise teams should prioritize Windows and Office updates this cycle (both have Patch Now recommendations), particularly since the Preview Pane attack vectors allow code execution without fully opening malicious documents."
"After installing KB5074109, KB5073455, or KB5073724, users connecting to Azure Virtual Desktop or Windows 365 Cloud PCs via the Windows App could experience authentication errors and credential prompt failures. Microsoft is preparing an out-of-band fix. In the meantime, enterprise teams should direct affected users to connect via the Remote Desktop client for Windows (MSRDC) or the Windows App Web Client."
"A small number of users might notice that the password icon on the Windows login screen is not visible. This has been an ongoing issue since the August 2025 update. Microsoft published a Known Issue Rollback (KIR) to address Pro and Home users. Enterprise deployments should use an updated Group Policy to restore the icon."
The Patch Tuesday release addresses 112 CVEs across Microsoft products, with eight rated critical and three zero-day vulnerabilities. One zero-day, CVE-2026-20805, is an information disclosure flaw in the Desktop Window Manager and is under active exploitation. CISA added the flaw to the Known Exploited Vulnerabilities catalog with a remediation deadline of Feb. 3, 2026. Enterprise teams should prioritize Windows and Office updates, as Preview Pane attack vectors can allow code execution without fully opening malicious documents. Known issues include authentication failures for Azure Virtual Desktop and Windows 365 Cloud PCs after installing KB5074109, KB5073455, or KB5073724, and a missing password icon on the Windows login screen; workarounds and rollbacks are available.
Read at Computerworld