The Indian government has issued a high-severity cybersecurity alert, warning millions of Microsoft Windows and Office users across the country of a critical vulnerability. The advisory, released by the Indian Computer Emergency Response Team (CERT-In), urges immediate action from both individual users and businesses to mitigate the risk of cyberattacks, ransomware incidents, and system compromise.
CERT-In, an agency under the Ministry of Electronics and Information Technology, has identified a significant flaw, CVE-2026-20805, in the Windows Desktop Window Manager (DWM). This vulnerability could allow an authenticated local attacker to gain access to sensitive information. The flaw affects how Windows manages visual elements and system processes, potentially allowing attackers to extract confidential data.
Microsoft has confirmed the severity of the threat, stating that CVE-2026-20805 is actively being exploited by cybercriminals. The company advises users to apply security patches immediately to protect their systems.
The vulnerability affects a wide range of Microsoft products, including:
- Microsoft Office
- Windows (latest and legacy versions)
- Extended Security Updates (ESU)
- Azure
- Developer Tools
- SQL Server
The potential impact of exploiting this vulnerability includes:
- Theft of sensitive information
- Ransomware attacks
- Compromise of enterprise networks
- Privilege escalation within systems
- Remote code execution
- Bypassing security restrictions
- Spoofing attacks
- Denial-of-service scenarios
- Tampering with system settings
- Data exfiltration
- System instability
CERT-In has rated the vulnerability as "high" on the severity scale and urges IT administrators, security teams, and end-users to promptly apply the relevant security patches provided by Microsoft. The agency recommends that users take the following steps to protect their systems:
- Go to Settings → Windows Update
- Enable automatic updates
- Install the latest security patches
- Restart the system to complete the installation
Windows is the most widely used desktop operating system globally, making it a prime target for cybercriminals. Experts emphasize that proactive cybersecurity measures are essential to defend against increasingly sophisticated cyber threats. With the rise of remote work, cloud services, and digital payments, even a single unpatched system can serve as an entry point for large-scale cyberattacks. The Indian government's warning highlights the importance of maintaining updated systems and staying vigilant against potential security threats.
