Microsoft has released its January 2026 Patch Tuesday updates, addressing a total of 114 security vulnerabilities across Windows and related components.
Among these fixes are three zero-day flaws, including one that is already being actively exploited in real-world attacks. Two other zero-day issues had been publicly disclosed before today’s updates were released.
Out of the 114 vulnerabilities fixed this month, eight are rated as critical. Six of those critical issues allow remote code execution, meaning attackers could potentially take control of affected systems from a distance. The remaining two critical flaws involve elevation of privilege, which could let attackers gain higher system permissions than intended.
The vulnerabilities patched this month fall into several categories. Microsoft fixed 57 elevation of privilege flaws, three security feature bypass issues, 22 remote code execution bugs, 22 information disclosure vulnerabilities, two denial of service issues, and five spoofing flaws. These numbers only include updates released by Microsoft today and do not count issues fixed earlier this month in Microsoft Edge or Mariner.
One of the most serious issues fixed in this update is an actively exploited zero-day vulnerability tracked as CVE-2026-20805. This flaw affects the Windows Desktop Window Manager and allows attackers to access sensitive information. According to Microsoft, successful exploitation lets an attacker read user-mode memory related to a remote ALPC port. While Microsoft confirmed the issue is being actively exploited, it did not share details about how the attacks were carried out. The vulnerability was discovered by the Microsoft Threat Intelligence Center and the Microsoft Security Response Center.
The first publicly disclosed zero-day fixed this month is CVE-2026-21265, which involves Windows Secure Boot certificates that are nearing expiration. Microsoft warned that Secure Boot certificates issued in 2011 are close to expiring in 2026. Systems that are not updated could be at higher risk of attackers bypassing Secure Boot protections. The January updates renew these certificates to maintain the Secure Boot trust chain and ensure that Windows and third-party boot components continue to be verified correctly. Microsoft had previously warned about this issue in a June advisory.
The second publicly disclosed zero-day addressed this month is CVE-2023-31096, which involves elevation of privilege vulnerabilities in a third-party Agere Soft Modem driver included with supported versions of Windows. Microsoft had previously warned that these flaws were being actively exploited to gain administrator-level access on compromised systems. In the January 2026 cumulative update, Microsoft has fully removed the vulnerable drivers, agrsm64.sys and agrsm.sys, from Windows. The issue was attributed to researchers from Zeze with TeamT5.
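To confirm the driver removal described above actually took effect on a given machine, the following PowerShell check looks for the two named files and for any kernel driver service still pointing at them. It is an added example, not code from Microsoft or from this article; the search locations (`System32\drivers` and the driver store) are assumed defaults, and the function name `Find-AgereDriver` is hypothetical.

```powershell
# Added example (not Microsoft's tooling). Assumes default Windows driver locations.
# Run from an elevated PowerShell session on the host being checked.
$AgereDrivers = @('agrsm64.sys', 'agrsm.sys')   # file names as given in the article

function Find-AgereDriver {
    param([string[]]$Names = $AgereDrivers)

    # 1. Driver binaries left on disk: the live driver directory and the driver store.
    $roots = @(
        (Join-Path $env:SystemRoot 'System32\drivers'),
        (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Source = 'File'
                    Name   = $_.Name
                    Path   = $_.FullName
                    Detail = 'SHA256=' + (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }

    # 2. Kernel driver services whose image path still points at one of the files.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and ($Names -contains ($_.PathName -split '[\\/]')[-1]) } |
        ForEach-Object {
            [pscustomobject]@{
                Source = 'Service'
                Name   = $_.Name
                Path   = $_.PathName
                Detail = "State=$($_.State); StartMode=$($_.StartMode)"
            }
        }
}

$hits = @(Find-AgereDriver)
if ($hits.Count -eq 0) {
    Write-Output 'No Agere Soft Modem driver files or services found.'
} else {
    $hits | Format-Table -AutoSize -Wrap
    Write-Warning "$($hits.Count) Agere driver artifact(s) still present; confirm the January 2026 cumulative update is installed."
}
```

A hit on a fully patched machine is worth investigating, since a copy of the driver may have been placed there by something other than Windows itself.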
Microsoft has not provided details on how many users were affected by these vulnerabilities, but as usual, it strongly recommends installing the latest updates as soon as possible. Patch Tuesday fixes are delivered through regular system updates, and users who delay installation may remain exposed to known and potentially exploited security flaws.





