SB2026011422 - Multiple vulnerabilities in Microsoft Windows Hello
Published: January 14, 2026
Security Bulletin ID
SB2026011422
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Incorrect Privilege Assignment (CVE-ID: CVE-2026-20804)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to incorrect privilege assignment in Windows Hello. A local attacker can perform tampering on the system.
2) Incorrect Privilege Assignment (CVE-ID: CVE-2026-20852)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to incorrect privilege assignment in Windows Hello. A local attacker can perform tampering on the system.
Remediation
Install update from vendor's website.