New Delhi: The Indian government has issued a high-severity security alert for Microsoft Windows and other Microsoft products, warning millions of users about an active vulnerability that could expose systems to hacking attacks.

The advisory, released by the Indian Computer Emergency Response Team (CERT-In) in January 2026, highlights a critical flaw affecting Windows 11, Windows 10 and Microsoft Office products, widely used across personal and business environments.

According to CERT-In, the threat involves a serious vulnerability in the Windows Desktop Window Manager.

“An information disclosure vulnerability (CVE-2026-20805) exists in the Windows Desktop Window Manager (DWM). An authenticated local attacker could exploit this vulnerability to gain access to sensitive information."

Microsoft has also acknowledged the urgency of the threat, stating, “this vulnerability (CVE-2026-20805) is being exploited in the wild. Users are advised to apply patches immediately."

The warning suggests the flaw is already being actively abused, prompting authorities to urge users to update their operating systems and Microsoft software without delay.

Microsoft Security Issue: Who is at risk?

CERT-In said the vulnerability affects multiple Microsoft products, including:

  • Microsoft Office
  • Windows
  • Extended Security Updates (ESU)
  • Azure
  • Developer Tools
  • SQL Server

Users have been advised to install the latest security patches and updates immediately to reduce the risk of compromise.