Microsoft Users: India's national cyber security agency CERT-In has issued a serious warning for Microsoft users.

Microsoft Users: India's national cybersecurity agency, CERT-In, has issued a serious warning for Microsoft users. According to the agency, several popular Microsoft products have been found to have serious vulnerabilities that could be exploited. This alert, issued on January 14th under advisory CIAD-2026-0002, is classified as high-severity.

Which Microsoft products are at risk?

According to CERT-In, this security flaw isn't limited to just one piece of software. Windows operating systems, Microsoft Office, Azure services, SQL Server, developer tools, and even systems running Extended Security Updates (ESU) are vulnerable.

This warning is not only for big companies or IT teams, but is equally important for common users who use Windows computers for everyday tasks.

Active Exploit raises concerns

This alert is considered particularly serious because CERT-In has confirmed a security flaw that is being actively exploited. This vulnerability relates to the Windows Desktop Window Manager and is tracked as CVE-2026-20805.

Simply put, if an attacker gains local access to a system, they can steal sensitive information silently. Such attacks often go undetected until significant damage has already been done.

What could be the impact on the system?

CERT-In has warned that if these vulnerabilities are not addressed promptly, they could lead to a variety of cyberattacks, including remote code execution, system overreach, identity spoofing, data theft, and even system crashes.

In some cases, infected computers can also be used to spread ransomware or cause large-scale data leaks.

Why is caution necessary for common users?

People often assume that cyberattacks only target large companies, but this alert from CERT-In clearly demonstrates that ordinary Windows users are equally at risk. If the system isn't updated, your computer can become vulnerable without any obvious signs.

What is the most important thing to do right now?

The safest course of action right now is to immediately install Microsoft's latest January 2026 security updates. Additionally, limit unnecessary access, monitor suspicious activity, and keep systems up-to-date. These small precautions are the most effective way to protect Microsoft users from major cyber threats.