Microsoft January 2026 Patch Tuesday Fixes 114 Flaws, 3 Zero-Days Exploited

Jan 14, 2026

Microsoft has released its January 2026 Patch Tuesday security updates, addressing a total of 114 vulnerabilities across its products — including three zero-day vulnerabilities, one of which is actively exploited in the wild. This month’s release also includes eight critical flaws, several of which could allow remote code execution or elevation of privileges.

Key Highlights

  • Total vulnerabilities fixed: 114

  • Zero-day vulnerabilities: 3

    • 1 actively exploited

    • 2 publicly disclosed

  • Critical severity: 8

  • Major impacted components: Windows, Office, LSASS, Secure Boot, Modem drivers and more.

What You Need to Know

This Patch Tuesday marks Microsoft’s first security update release of 2026. The included fixes span a wide range of products — from Windows operating systems and system services to Microsoft Office applications and legacy drivers. With remote code execution (RCE) and elevation of privilege (EoP) bugs among the critical issues, organizations should prioritize deploying these updates promptly.

Zero-Day Vulnerabilities

The three zero-day flaws patched this month are especially noteworthy:

  1. CVE-2026-20805: Desktop Window Manager (DWM)
    An Information Disclosure vulnerability that’s actively exploited in the wild. Attackers can read sensitive memory, potentially aiding further attacks.

  2. CVE-2026-21265: Secure Boot certificate expiration bypass
    A security feature bypass caused by expiring Secure Boot certificates on systems that aren’t updated.

  3. CVE-2023-31096: Agere Soft Modem driver EoP
    A third-party driver flaw that Microsoft mitigates in this update by removing the vulnerable drivers altogether.

Vulnerabilities by Type

Vulnerability Type         Count
-----------------------    -----
Elevation-of-Privilege     57
Remote Code Execution      22
Information Disclosure     22
Security Feature Bypass    3
Denial of Service          2
Spoofing                   5

Categories based on Microsoft’s Patch Tuesday breakdown.

Critical Flaws to Prioritize

Several critical issues should be high priority for security teams:

  • RCE in Windows Local Security Authority Subsystem Service (LSASS) — could allow remote code execution on vulnerable systems.

  • Multiple RCEs in Microsoft Office — affecting Word and Excel, exploitable via crafted documents.

  • Elevation-of-Privilege flaws in core Windows components — including Graphics, VBS Enclave, and error reporting services.

Recommended Actions

  1. Deploy Windows and Office updates immediately — especially where critical and actively exploited flaws are concerned.

  2. Prioritize patching systems exposed to the internet and those with sensitive data.

  3. Monitor security advisories and IDS/IPS signatures tied to these updated CVEs.

  4. Verify that legacy systems (e.g., Secure Boot environments) receive the necessary certificate updates before expiration.

Patch Summary Table

CVE ID            Component                  Severity              Impact
--------------    -----------------------    ------------------    -----------------------
CVE-2026-20805    Desktop Window Manager     Important/Zero-Day    Information Disclosure
CVE-2026-21265    Secure Boot                Important/Zero-Day    Security Feature Bypass
CVE-2023-31096    Agere Soft Modem Driver    Important/Zero-Day    Elevation of Privilege

Note: Table truncated for brevity — see vendor advisory for complete CVE list.

Final Thoughts

The January 2026 Patch Tuesday release underscores the expanding attack surface — even as older hardware and certificates age out. With active exploitation already confirmed, swift patching and coordinated vulnerability management are essential to reduce risk. Administrators should roll out updates in a controlled yet expedited fashion to stay ahead of adversaries.

