Microsoft’s January 2026 Patch Tuesday: Addressing 114 Vulnerabilities, Including an Actively Exploited Zero-Day
On January 13, 2026, Microsoft released its first Patch Tuesday update of the year, addressing a total of 114 security vulnerabilities across its software ecosystem. This comprehensive update includes fixes for one actively exploited zero-day vulnerability, two publicly disclosed zero-days, and eight critical flaws.
Breakdown of Vulnerabilities:
– Total Vulnerabilities: 114
– Critical: 8
– Important: 106
– By Type:
– Elevation of Privilege: 57
– Remote Code Execution: 22
– Information Disclosure: 22
– Security Feature Bypass: 3
– Denial of Service: 2
– Spoofing: 5
Actively Exploited Zero-Day Vulnerability:
The most critical issue addressed in this update is an information disclosure vulnerability in the Desktop Window Manager (DWM), tracked as CVE-2026-20805. This flaw allows authenticated attackers to access sensitive user-mode memory information through a remote Advanced Local Procedure Call (ALPC) port. Microsoft’s Threat Intelligence Center and Security Response Center identified and reported this vulnerability. While specific details about the exploitation methods remain undisclosed, the active exploitation of this flaw underscores the urgency for users to apply the patch promptly. ([action1.com](https://www.action1.com/patch-tuesday/patch-tuesday-january-2026/?utm_source=openai))
Publicly Disclosed Zero-Day Vulnerabilities:
1. CVE-2026-21265 – Secure Boot Certificate Expiration Bypass:
This security feature bypass vulnerability arises from expiring Secure Boot certificates. Without timely updates, systems are at an increased risk of threat actors bypassing Secure Boot protections. ([securityonline.info](https://securityonline.info/patch-tuesday-jan-2026-microsoft-fixes-114-flaws-3-zero-days/?utm_source=openai))
2. CVE-2023-31096 – Agere Soft Modem Driver Elevation of Privilege:
This flaw in the Agere Soft Modem driver could allow attackers to gain elevated privileges. Microsoft has mitigated this issue by removing the vulnerable drivers in the current update. ([clearphish.ai](https://www.clearphish.ai/news/microsoft-january-2026-patch-tuesday-fixes-114-flaws-zero-days?utm_source=openai))
Critical Vulnerabilities to Prioritize:
– CVE-2026-20854 – Remote Code Execution in Windows Local Security Authority Subsystem Service (LSASS):
This critical vulnerability could allow remote code execution on vulnerable systems. Given LSASS’s role in handling authentication and sensitive credentials, this flaw poses a significant risk. ([securityonline.info](https://securityonline.info/patch-tuesday-jan-2026-microsoft-fixes-114-flaws-3-zero-days/?utm_source=openai))
– Multiple Remote Code Execution Vulnerabilities in Microsoft Office:
Several vulnerabilities (CVE-2026-20944, CVE-2026-20952, CVE-2026-20953, CVE-2026-20955, CVE-2026-20957) affect Word and Excel. These flaws, ranging from use-after-free bugs to integer underflows, generally require an attacker to convince a user to open a malicious file. ([securityonline.info](https://securityonline.info/patch-tuesday-jan-2026-microsoft-fixes-114-flaws-3-zero-days/?utm_source=openai))
Recommendations:
Given the breadth and severity of the vulnerabilities addressed in this update, it is imperative for organizations and individual users to:
1. Apply Patches Promptly: Ensure that all systems are updated with the latest patches to mitigate the risks associated with these vulnerabilities.
2. Review and Update Security Configurations: Particularly for systems affected by the Secure Boot certificate expiration issue, verify that Secure Boot configurations are current and certificates are updated.
3. Monitor for Exploitation Attempts: Stay vigilant for any signs of exploitation, especially concerning the actively exploited DWM vulnerability.
4. Educate Users: Inform users about the risks of opening unsolicited or suspicious files, especially those that could exploit vulnerabilities in Microsoft Office applications.
By taking these proactive steps, organizations can enhance their security posture and protect against potential threats arising from these vulnerabilities.
