Advisory

Microsoft January 2026 Patch Tuesday fixes 114 flaws and actively exploited flaw

Take action: Another important and urgent advisory: One zero-day vulnerability is actively exploited in the wild, two more reported and eight critical flaws in Office and WIndows. Patch your Windows Operating Systems ASAP, then Microsoft Office. Then review the advisory for the rest of the Microsoft products and Windows components you use.

Learn More

Microsoft fixed 114 security flaws in its January 2026 Patch Tuesday update. This release includes eight critical bugs and three zero-days. One zero-day is currently actively exploited. 

The update fixes problems in Windows, Office, and Azure that allow attackers to run code or gain higher privileges.

Zero days and actively exploited:

  • CVE-2026-20805 (CVSS score 5.5) an information disclosure vulnerability in the Desktop Window Manager. It is actively exploited to steal data from the Desktop Window Manager. This flaw lets a user read memory from a remote port. Microsoft Threat Intelligence reports the exploitation activity but did not share how the attack works. This bug shows that local users can still reach sensitive system memory.
  • CVE-2026-21265 (CVSS score 6.4) Secure Boot Certificate Expiration Security Feature Bypass vulnerability affecting Windows Secure Boot certificates issued in 2011 that are nearing expiration, potentially allowing threat actors to bypass Secure Boot protections on systems that remain unpatched. If not fixed, the boot security chain will fail by mid-2026.
  • CVE-2023-31096 (CVSS score 7.8) addresses vulnerabilities in third-party Agere Soft Modem drivers that ship with supported Windows versions. Previously exploited to gain administrative privileges on compromised systems, Microsoft has now completely removed the vulnerable agrsm64.sys and agrsm.sys drivers from Windows in the January 2026 cumulative update..

Critical patched flaws:

  • CVE-2026-20952 (CVSS score 8.4) - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-20953 (CVSS score 8.4) - Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-20944 (CVSS score 8.4) - Microsoft Word Remote Code Execution Vulnerability
  • CVE-2026-20957 (CVSS score 7.8) - Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2026-20955 (CVSS score 7.8) - Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2026-20822 (CVSS score 7.8) - Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2026-20854 (CVSS score 7.5) - Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
  • CVE-2026-20876 (CVSS score 6.7) - Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

The patch cycle includes:

  • 57 Elevation of Privilege vulnerabilities
  • 3 Security Feature Bypass vulnerabilities
  • 22 Remote Code Execution vulnerabilities
  • 22 Information Disclosure vulnerabilities
  • 2 Denial of Service vulnerabilities
  • 5 Spoofing vulnerabilities

Full patch list

TagCVE IDCVE TitleSeverity
Agere Windows Modem DriverCVE-2023-31096MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege VulnerabilityImportant
Azure Connected Machine AgentCVE-2026-21224Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
Azure Core shared client library for PythonCVE-2026-21226Azure Core shared client library for Python Remote Code Execution VulnerabilityImportant
Capability Access Management Service (camsvc)CVE-2026-20835Capability Access Management Service (camsvc) Information Disclosure VulnerabilityImportant
Capability Access Management Service (camsvc)CVE-2026-20851Capability Access Management Service (camsvc) Information Disclosure VulnerabilityImportant
Capability Access Management Service (camsvc)CVE-2026-20830Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityImportant
Capability Access Management Service (camsvc)CVE-2026-21221Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityImportant
Capability Access Management Service (camsvc)CVE-2026-20815Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityImportant
Connected Devices Platform Service (Cdpsvc)CVE-2026-20864Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Desktop Window ManagerCVE-2026-20805Desktop Window Manager Information Disclosure VulnerabilityImportant
Desktop Window ManagerCVE-2026-20871Desktop Windows Manager Elevation of Privilege VulnerabilityImportant
Dynamic Root of Trust for Measurement (DRTM)CVE-2026-20962Dynamic Root of Trust for Measurement (DRTM) Information Disclosure VulnerabilityImportant
Graphics KernelCVE-2026-20836DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Graphics KernelCVE-2026-20814DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Host Process for Windows TasksCVE-2026-20941Host Process for Windows Tasks Elevation of Privilege VulnerabilityImportant
Inbox COM ObjectsCVE-2026-21219Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportant
MarinerCVE-2026-21444libtpms returns wrong initialization vector when certain symmetric ciphers are usedModerate
MarinerCVE-2025-68758backlight: led-bl: Add devlink to supplier LEDsModerate
MarinerCVE-2025-68757drm/vgem-fence: Fix potential deadlock on releaseModerate
MarinerCVE-2025-68764NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flagsModerate
MarinerCVE-2025-68756block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lockImportant
MarinerCVE-2025-68763crypto: starfive - Correctly handle return of sg_nents_for_lenModerate
MarinerCVE-2025-68755staging: most: remove broken i2c driverModerate
MarinerCVE-2025-68759wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()Important
MarinerCVE-2025-68766irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()Important
MarinerCVE-2025-68753ALSA: firewire-motu: add bounds check in put_user loop for DSP eventsImportant
MarinerCVE-2025-68765mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()Moderate
Microsoft Edge (Chromium-based)CVE-2026-0628Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tagUnknown
Microsoft Graphics ComponentCVE-2026-20822Windows Graphics Component Elevation of Privilege VulnerabilityCritical
Microsoft OfficeCVE-2026-20952Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2026-20953Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2026-20943Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityImportant
Microsoft Office ExcelCVE-2026-20949Microsoft Excel Security Feature Bypass VulnerabilityImportant
Microsoft Office ExcelCVE-2026-20950Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2026-20956Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2026-20957Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2026-20946Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2026-20955Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2026-20958Microsoft SharePoint Information Disclosure VulnerabilityImportant
Microsoft Office SharePointCVE-2026-20959Microsoft SharePoint Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2026-20947Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2026-20951Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2026-20963Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2026-20948Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2026-20944Microsoft Word Remote Code Execution VulnerabilityCritical
Printer Association ObjectCVE-2026-20808Windows File Explorer Elevation of Privilege VulnerabilityImportant
SQL ServerCVE-2026-20803Microsoft SQL Server Elevation of Privilege VulnerabilityImportant
Tablet Windows User Interface (TWINUI) SubsystemCVE-2026-20827Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure VulnerabilityImportant
Tablet Windows User Interface (TWINUI) SubsystemCVE-2026-20826Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure VulnerabilityImportant
Windows Admin CenterCVE-2026-20965Windows Admin Center Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-20831Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-20860Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Ancillary Function Driver for WinSockCVE-2026-20810Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
Windows Client-Side Caching (CSC) ServiceCVE-2026-20839Windows Client-Side Caching (CSC) Service Information Disclosure VulnerabilityImportant
Windows Clipboard ServerCVE-2026-20844Windows Clipboard Server Elevation of Privilege VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2026-20940Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Cloud Files Mini Filter DriverCVE-2026-20857Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2026-20820Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Deployment ServicesCVE-2026-0386Windows Deployment Services Remote Code Execution VulnerabilityImportant
Windows DWMCVE-2026-20842Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Error ReportingCVE-2026-20817Windows Error Reporting Service Elevation of Privilege VulnerabilityImportant
Windows File ExplorerCVE-2026-20939Windows File Explorer Information Disclosure VulnerabilityImportant
Windows File ExplorerCVE-2026-20932Windows File Explorer Information Disclosure VulnerabilityImportant
Windows File ExplorerCVE-2026-20937Windows File Explorer Information Disclosure VulnerabilityImportant
Windows File ExplorerCVE-2026-20823Windows File Explorer Information Disclosure VulnerabilityImportant
Windows HelloCVE-2026-20852Windows Hello Tampering VulnerabilityImportant
Windows HelloCVE-2026-20804Windows Hello Tampering VulnerabilityImportant
Windows HTTP.sysCVE-2026-20929Windows HTTP.sys Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2026-20825Windows Hyper-V Information Disclosure VulnerabilityImportant
Windows InstallerCVE-2026-20816Windows Installer Elevation of Privilege VulnerabilityImportant
Windows Internet Connection Sharing (ICS)CVE-2026-20828Windows rndismp6.sys Information Disclosure VulnerabilityImportant
Windows KerberosCVE-2026-20849Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2026-20833Windows Kerberos Information Disclosure VulnerabilityImportant
Windows KernelCVE-2026-20838Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2026-20818Windows Kernel Information Disclosure VulnerabilityImportant
Windows Kernel MemoryCVE-2026-20809Windows Kernel Memory Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2026-20859Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows LDAP - Lightweight Directory Access ProtocolCVE-2026-20812LDAP Tampering VulnerabilityImportant
Windows Local Security Authority Subsystem Service (LSASS)CVE-2026-20854Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution VulnerabilityCritical
Windows Local Security Authority Subsystem Service (LSASS)CVE-2026-20875Windows Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityImportant
Windows Local Session Manager (LSM)CVE-2026-20869Windows Local Session Manager (LSM) Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20924Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20874Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20862Windows Management Services Information Disclosure VulnerabilityImportant
Windows Management ServicesCVE-2026-20866Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20867Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20861Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20865Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20858Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20918Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20877Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20923Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows Management ServicesCVE-2026-20873Windows Management Services Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2026-20837Windows Media Remote Code Execution VulnerabilityImportant
Windows Motorola Soft Modem DriverCVE-2024-55414Windows Motorola Soft Modem Driver Elevation of Privilege VulnerabilityImportant
Windows NDISCVE-2026-20936Windows NDIS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2026-20922Windows NTFS Remote Code Execution VulnerabilityImportant
Windows NTFSCVE-2026-20840Windows NTFS Remote Code Execution VulnerabilityImportant
Windows NTLMCVE-2026-20925NTLM Hash Disclosure Spoofing VulnerabilityImportant
Windows NTLMCVE-2026-20872NTLM Hash Disclosure Spoofing VulnerabilityImportant
Windows Remote AssistanceCVE-2026-20824Windows Remote Assistance Security Feature Bypass VulnerabilityImportant
Windows Remote Procedure CallCVE-2026-20821Remote Procedure Call Information Disclosure VulnerabilityImportant
Windows Remote Procedure Call Interface Definition Language (IDL)CVE-2026-20832Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2026-20868Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2026-20843Windows Routing and Remote Access Service (RRAS) Elevation of Privilege VulnerabilityImportant
Windows Secure BootCVE-2026-21265Secure Boot Certificate Expiration Security Feature Bypass VulnerabilityImportant
Windows Server Update ServiceCVE-2026-20856Windows Server Update Service (WSUS) Remote Code Execution VulnerabilityImportant
Windows ShellCVE-2026-20834Windows Spoofing VulnerabilityImportant
Windows ShellCVE-2026-20847Microsoft Windows File Explorer Spoofing VulnerabilityImportant
Windows SMB ServerCVE-2026-20926Windows SMB Server Elevation of Privilege VulnerabilityImportant
Windows SMB ServerCVE-2026-20921Windows SMB Server Elevation of Privilege VulnerabilityImportant
Windows SMB ServerCVE-2026-20919Windows SMB Server Elevation of Privilege VulnerabilityImportant
Windows SMB ServerCVE-2026-20927Windows SMB Server Denial of Service VulnerabilityImportant
Windows SMB ServerCVE-2026-20848Windows SMB Server Elevation of Privilege VulnerabilityImportant
Windows SMB ServerCVE-2026-20934Windows SMB Server Elevation of Privilege VulnerabilityImportant
Windows Telephony ServiceCVE-2026-20931Windows Telephony Service Elevation of Privilege VulnerabilityImportant
Windows TPMCVE-2026-20829TPM Trustlet Information Disclosure VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2026-20938Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2026-20935Windows Virtualization-Based Security (VBS) Information Disclosure VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2026-20819Windows Virtualization-Based Security (VBS) Information Disclosure VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2026-20876Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityCritical
Windows WalletServiceCVE-2026-20853Windows WalletService Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2026-20811Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2026-20870Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2026-20920Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K - ICOMPCVE-2026-20863Win32k Elevation of Privilege VulnerabilityImportant

 

Microsoft January 2026 Patch Tuesday fixes 114 flaws and actively exploited flaw
Read More
CISA reports active exploitation of ASUS Live Update …
CISA warns of active exploitation of Windows vulnerability
Adobe releases December 2024 patches for flaws in …
Google Issues Emergency Chrome Update to Patch 10 …
Apple releases another patch for iOS 17, fixes …