< Back to all clusters
[TECHNOLOGY] · 2 sources

Security patches roll out for Windows DWM and Ubuntu Linux kernel privilege‑escalation bugs

Microsoft released a patch for CVE‑2026‑20871, a use‑after‑free flaw in the Desktop Window Manager that allows a local attacker to execute code as System. The fix ensures the CSuperWetInkManager::RemoveSource function is always called, and 0patch has provided additional micropatches for legacy Windows versions, including Windows 10 and Windows 11 builds that are no longer receiving official updates.

Ubuntu disclosed CVE‑2026‑53359, dubbed “Januscape,” a local privilege‑escalation vulnerability in the Linux kernel that affects nested virtualization in KVM on Intel and AMD x86_64 systems. The issue can let a guest VM compromise the hypervisor host. Ubuntu will ship kernel updates to address the flaw, and administrators can mitigate the risk by disabling nested virtualization until patches are applied.