CVE-2026-20848 Windows SMB Server Elevation of Privilege Vulnerability
Published January 21, 2026
Updated the build numbers. This is an informational update only.
Microsoft Security Response Center Blog Alerts
CVE-2026-21221 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Published January 21, 2026
Updated the build numbers. This is an informational update only.
CVE-2026-20830 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Published January 21, 2026
Updated the build numbers. This is an informational update only.
CVE-2026-20943 Microsoft Office Click-To-Run Remote Code Execution Vulnerability
Published January 21, 2026
Updated FAQ information. This is an informational change only.
CVE-2026-20818 Windows Kernel Information Disclosure Vulnerability
Published January 21, 2026
Updated the build numbers. This is an informational update only.
CVE-2026-20929 Windows HTTP.sys Elevation of Privilege Vulnerability
Published January 16, 2026
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
CVE-2026-20867 Windows Management Services Elevation of Privilege Vulnerability
Published January 16, 2026
Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20849 Windows Kerberos Elevation of Privilege Vulnerability
Published January 16, 2026
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Chromium: CVE-2026-0908 Use after free in ANGLE
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
Chromium: CVE-2026-0907 Incorrect security UI in Split View
Published January 16, 2026
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.
