January 2026 [New Year, New Vulns, New Certs]

CVE-2026-21265 is a Secure Boot certificate expiration bypass. Microsoft's original 2011 Root of Trust certificates, which sign nearly every Windows bootloader since Windows 8, expire in June and October 2026.

If you bought a motherboard or computer between 2012 and 2025, fixing CVE-2026-21265 takes two steps: a Windows OS patch and a BIOS update. Miss either one and the endpoint stays vulnerable to a hardware-level root of trust compromise.

CVE-2026-20816 is a Windows Installer elevation of privilege flaw built on a TOCTOU race condition. The installer checks a file is safe, then an attacker swaps it a split second later, turning a local foothold into SYSTEM access.

CVE-2026-20805 is a Desktop Window Manager information disclosure flaw that's actively exploited in the wild. DWM draws and composites the desktop over the ALPC local IPC system, and exploiting it can break a process out of a container.

Any app that can draw a window can trigger CVE-2026-20805, no admin rights required. If you run a minus-one patch cadence, add detection around dwm.exe and watch for unusual memory spikes or crashes that signal an exploit attempt.