""This comes against a broader trend: in 2025, reported vulnerabilities increased by 12% over 2024, continuing the upward trajectory of disclosed security flaws," said Bicer."
""The flaw leaks a memory address from a remote ALPC [Asynchronous Local Procedure Call] port. This type of information disclosure vulnerability is often used to defeat Address Space Layout Randomisation (ASLR) - a security feature in modern operating systems designed to protect against buffer overflows and other exploits that rely on manipulating the memory of a running application," explained Immersive senior director of cyber threat research, Kev Breen."
""Once they know where code resides in memory, they can chain this with a separate code execution bug to turn a difficult exploit into a reliable one," he said."
Microsoft pushed fixes for 112 CVEs on the first Patch Tuesday of 2026, including several zero-day flaws that were publicly disclosed or actively exploited and eight critical bugs. December 2025 had only 56 patches, and January typically brings an uptick after a quieter festive season, increasing pressure on security teams. Reported vulnerabilities rose 12% in 2025 versus 2024. A key flaw, CVE-2026-20805, is an information disclosure issue in Desktop Window Manager with a CVSS score of 5.5 that has been observed exploited in the wild and leaks a memory address from a remote ALPC port.
Read at ComputerWeekly.com
Unable to calculate read time
Collection
[
|
...
]