Overview
- Microsoft patched vulnerabilities across Windows and Office, with critical remote code execution risks in LSASS, Word, and Excel plus elevation-of-privilege bugs in the Graphics component and VBS Enclave.
- CVE-2026-20805 in Desktop Window Manager was confirmed exploited and added to CISA’s Known Exploited Vulnerabilities catalog; the flaw can leak memory addresses and help defeat ASLR in attack chains.
- Security firms released guidance and detections, with Cisco Talos publishing new Snort rules and advising customers to update signature sets for exploitation attempts tied to this month’s disclosures.
- Microsoft addressed Secure Boot certificate expiration (CVE-2026-21265), warning that systems relying on 2011 certificates must update to maintain Secure Boot protections.
- Legacy soft modem drivers implicated in an elevation-of-privilege risk were removed (including agrsm64.sys, agrsm.sys, smserl64.sys, and smserial.sys), which will disable dependent modem hardware on Windows.