India’s national cyber security agency, CERT-In, has issued a serious warning for Microsoft users. According to the agency, many popular Microsoft products have serious vulnerabilities that can be exploited. This alert was issued on January 14 under CIAD-2026-0002 advisory and has been placed in the high-serious category.
Which Microsoft products are at risk?
According to CERT-In, this security flaw is not limited to just one software. Windows operating systems, Microsoft Office, Azure services, SQL Server, developer tools, and even systems running Extended Security Updates (ESU) are affected. This warning is important not only for large companies or IT teams, but also for ordinary users who use Windows computers for their daily tasks.
Concern increased due to active exploitation
This alert is considered particularly serious because CERT-In has confirmed a security flaw that is being actively exploited. This vulnerability is related to Windows Desktop Window Manager and is tracked as CVE-2026-20805. In simple words, if an attacker gains local access to the system, they can steal sensitive information without being detected. Such attacks often go undetected until major damage is done.
What could be the possible effects on the system?
CERT-In has warned that if these flaws are not fixed in time, they can be used to carry out many types of cyber attacks. This includes remote code execution, gaining access to systems, identity theft, data theft, and even complete system crashes. In some cases, infected computers can also be used to spread ransomware or cause a large-scale data breach.
Why is caution important for common users?
People often assume that cyberattacks only target large companies, but this CERT-In alert clearly shows that ordinary Windows users are just as at risk. If the system is not updated, the computer may become vulnerable even without any clear warning.
What is the most important task right now?
The safest approach at this time is to immediately install Microsoft’s latest January 2026 security updates. Additionally, limit non-essential access, keep an eye on suspicious activity, and always keep your systems up to date. These small precautionary steps are the most effective way to protect Microsoft users from major cyber threats right now.