Microsoft Patched Multiple Windows Information Disclosure Flaws Across Core Components
Microsoft published security advisories for several Windows information disclosure vulnerabilities affecting components including the COM Server, DWM Core Library, Windows Management Services, Windows Imaging Component, and DHCP Server Service. The issues were tracked as CVE-2026-20806, CVE-2025-33052, CVE-2025-59204, CVE-2025-53799, CVE-2025-21272, and CVE-2023-36012, showing a broad spread of disclosure risks across both client-side and server-side Windows functionality.
Among the disclosed flaws, Microsoft provided the most detail for CVE-2026-20806, describing it as a type confusion bug in the Windows COM Server that could let a local attacker with low privileges read sensitive data, including potentially User Mode Service Memory, without user interaction. Microsoft rated that issue Important with a CVSS 3.1 score of 5.5, said exploitation was considered unlikely, reported no public disclosure or observed exploitation at publication, and stated that an official fix was available; the remaining advisories were listed as information disclosure vulnerabilities with limited public technical detail.

How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Microsoft discloses CVE-2026-20806 and releases a fix
Microsoft disclosed CVE-2026-20806, a type confusion information disclosure vulnerability in Windows COM Server that could allow a low-privileged local attacker to read sensitive memory. Microsoft rated it Important with a CVSS 5.5 score, said exploitation was unlikely with no public exploitation observed, and indicated an official fix was available.
Microsoft discloses CVE-2025-59204 in Windows Management Services
Microsoft published security guidance for CVE-2025-59204, an information disclosure vulnerability affecting Windows Management Services.
Microsoft discloses CVE-2025-53799 in Windows Imaging Component
Microsoft published security guidance for CVE-2025-53799, an information disclosure vulnerability affecting Windows Imaging Component.
Microsoft discloses CVE-2025-33052 in Windows DWM Core Library
Microsoft published security guidance for CVE-2025-33052, an information disclosure vulnerability affecting the Windows DWM Core Library.
Microsoft discloses CVE-2025-21272 in Windows COM Server
Microsoft published security guidance for CVE-2025-21272, an information disclosure vulnerability affecting Windows COM Server.
Microsoft discloses CVE-2024-38254 in Windows Authentication
Microsoft published security guidance for CVE-2024-38254, an information disclosure vulnerability affecting Windows Authentication. The disclosure appeared in Microsoft's Security Update Guide.
Microsoft discloses CVE-2023-36012 in DHCP Server Service
Microsoft published security guidance for CVE-2023-36012, an information disclosure vulnerability affecting the DHCP Server Service.
Sources
7 references tracked.
CVE-2026-20806 - Security Update Guide - Microsoft - Windows COM Server Information Disclosure Vulnerability
msrc.microsoft.com
CVE-2025-59204 - Security Update Guide - Microsoft - Windows Management Services Information Disclosure Vulnerability
msrc.microsoft.com
CVE-2025-53799 - Security Update Guide - Microsoft - Windows Imaging Component Information Disclosure Vulnerability
msrc.microsoft.com
CVE-2025-33052 - Security Update Guide - Microsoft - Windows DWM Core Library Information Disclosure Vulnerability
msrc.microsoft.com
CVE-2025-21272 - Security Update Guide - Microsoft - Windows COM Server Information Disclosure Vulnerability
msrc.microsoft.com
CVE-2024-38254 - Security Update Guide - Microsoft - Windows Authentication Information Disclosure Vulnerability
msrc.microsoft.com
CVE-2023-36012 - Security Update Guide - Microsoft - DHCP Server Service Information Disclosure Vulnerability
portal.msrc.microsoft.com


