- Microsoft issued critical patches for 113 security holes in various Windows operating systems and supported software. - CVE-2026-20805, a flaw in the Desktop Window Manager (DWM), is actively exploited by threat actors despite its low CVSS score of 5.5. - Two Microsoft Office remote code execution bugs are also critical and can be triggered just by viewing a booby-trapped message.