Microsoft Patch Day: Attackers spy on memory areas in Windows
Important security updates for Office, Windows & Co. have been released. Attackers are already exploiting a vulnerability. Further attacks may be imminent.
Admins should quickly check that the latest security updates from Microsoft are installed. In the default settings, Windows Update is active and installs patches automatically. This is particularly important this month because attackers are already exploiting a Windows vulnerability. Three other vulnerabilities are publicly known, and further attacks could occur soon.
Attacks on Windows
The currently exploited vulnerability (CVE-2026-20805, “moderate”) affects Windows 10 and 11, as well as various server editions. Attackers can use it to spy on memory areas, and the information obtained could be used for further attacks. How exactly the attacks work and how widespread they are is currently unclear.
Three other vulnerabilities (CVE-2023-31096 “high,” CVE-2024-55414 “high,” CVE-2026-21265 “moderate”) in Windows are publicly known. The first two affect softmodem drivers from Agere and Motorola. The third is not a classic vulnerability; it concerns expired Secure Boot certificates that admins must replace with new ones. If this is not done, systems will no longer receive security updates in the future, among other things.
Further Dangers and a Visual Treat
Microsoft classifies eight vulnerabilities as “critical.” They affect Excel, for example, where attackers can launch malware attacks. Further attacks are possible on Azure and SharePoint, among others. More information on the affected Microsoft software and the security updates can be found in the Security Update Guide.
In addition to security updates, Windows Update also offers something for the eyes this month: as announced some time ago, the battery indicator on laptops now shines in a colorful green.
(des)