Technology

January 2026 Patch Tuesday: Security Updates & Fixes

by Daniel Kim — Technology Editor
written by Daniel Kim — Technology Editor 0 comments

Microsoft Patches 113 Security Flaws, Zero-Day Exploitation Confirmed

A massive security update from Microsoft addresses 113 vulnerabilities across Windows and related software, with attackers already actively exploiting a critical flaw. Immediate patching is crucial for all users.

Microsoft has released a critical security update addressing a staggering 113 vulnerabilities affecting various Windows operating systems and associated software. Eight of these flaws have been designated “critical” by the company, representing the highest level of severity. Worryingly, Microsoft confirms that threat actors are already exploiting at least one of these vulnerabilities in real-world attacks, underscoring the urgent need for immediate patching.

Understanding the January 2026 Security Update

The most pressing concern centers around a zero-day vulnerability, CVE-2026-20805, residing within the Desktop Window Manager (DWM). The DWM is a fundamental component of Windows responsible for managing the placement and appearance of windows on the user’s screen. While assigned a CVSS score of 5.5, which might seem moderate, security researchers at Immersive, led by senior director Kev Breen, emphasize that its active exploitation in the wild elevates its risk significantly.

Breen explains that vulnerabilities like CVE-2026-20805 are frequently leveraged to circumvent Address Space Layout Randomization (ASLR), a crucial security mechanism designed to prevent buffer overflow and memory manipulation exploits. By revealing memory addresses, attackers can chain this vulnerability with other code execution flaws, transforming complex exploits into reliable attack vectors. Microsoft’s limited disclosure regarding the specific components involved in potential exploit chains hinders proactive threat hunting, making rapid patching the most effective mitigation strategy.

Ivanti’s vice president of product management, Chris Goettl, cautions against dismissing the severity of CVE-2026-20805 based solely on its assigned rating. He advocates for a risk-based prioritization methodology, arguing that the vulnerability’s real-world exploitation warrants a higher severity assessment. This vulnerability impacts all currently supported Windows versions.

Pro Tip: Prioritize patching CVE-2026-20805 immediately, even if your organization typically follows a phased rollout approach. The confirmed active exploitation makes this a high-priority update.

Critical Flaws in Microsoft Office

Beyond the DWM vulnerability, the January update addresses two critical remote code execution bugs in Microsoft Office (CVE-2026-20952 and CVE-2026-20953). These flaws can be triggered simply by previewing a malicious message, highlighting the importance of caution when handling email attachments and previews.

Legacy Modem Driver Vulnerabilities and Removal

Microsoft continues to address vulnerabilities stemming from legacy components. Following the removal of a vulnerable modem driver in October 2025, the January update removes additional modem drivers due to the discovery of functional exploit code for an elevation of privilege vulnerability (CVE-2023-31096). Adam Barnett at Rapid7 points out that this vulnerability was initially reported over two years ago, demonstrating the long-term risks associated with outdated software components. The removed drivers, agrsm64.sys and agrsm.sys, were developed by a now-defunct third party and have been included in Windows for decades.

Barnett raises a critical question: how many more vulnerable legacy drivers remain within Windows, and how long will attackers continue to exploit them? He notes that the mere presence of these drivers, even without a connected modem, renders systems vulnerable.

Secure Boot Vulnerability Requires Attention

A critical Security Feature Bypass vulnerability (CVE-2026-21265) affecting Windows Secure Boot demands immediate attention. Secure Boot, designed to protect against rootkits and bootkits, relies on certificates expiring in June and October 2026. Systems without the updated 2023 certificates will lose Secure Boot security protections. Barnett stresses the importance of careful preparation when updating bootloaders and BIOS to avoid rendering systems unbootable.

Furthermore, Mozilla has released updates for Firefox and Firefox ESR, resolving 34 vulnerabilities, including two suspected to be actively exploited (CVE-2026-0891 and CVE-2026-0892). Updates for Google Chrome and Microsoft Edge are also anticipated this week, alongside a fix for a high-severity Chrome WebView vulnerability (CVE-2026-0628).

For detailed breakdowns of each patch, the SANS Internet Storm Center provides a comprehensive summary. Administrators should also consult askwoody.com for information on potential compatibility issues.

Given the breadth and severity of these vulnerabilities, what strategies are your organizations employing to prioritize and deploy these critical updates? And how are you addressing the risks posed by legacy components within your infrastructure?

Frequently Asked Questions About the January 2026 Microsoft Security Update

What is the most critical Windows vulnerability addressed in this update?

CVE-2026-20805, a zero-day flaw in the Desktop Window Manager, is the most critical due to its active exploitation in the wild. Immediate patching is essential.

How does ASLR relate to the CVE-2026-20805 security flaw?

The vulnerability can be used to undermine ASLR, a key security feature that protects against memory manipulation exploits, making it easier for attackers to gain control of systems.

Are older versions of Windows still at risk from these vulnerabilities?

Yes, all currently supported and extended security update supported versions of Windows are affected. It is crucial to apply the updates to all eligible systems.

What is the significance of the modem driver removals in this Microsoft patch?

The removal of these drivers addresses long-standing vulnerabilities that attackers have been exploiting, highlighting the risks associated with legacy software components.

What is Windows Secure Boot and why is CVE-2026-21265 a concern for system security?

Windows Secure Boot protects against bootkits and rootkits. The vulnerability arises from expiring certificates, potentially leaving systems vulnerable if not updated with the new 2023 certificates.

This comprehensive security update underscores the constant need for vigilance and proactive patching. Protecting your systems requires a layered approach, combining timely updates with robust security practices.

Disclaimer: This article provides general information about cybersecurity threats and vulnerabilities. It is not intended as professional advice. Consult with a qualified cybersecurity expert for specific guidance tailored to your organization’s needs.

Share this critical information with your network and join the conversation in the comments below!


Discover more from Archyworldys

Subscribe to get the latest posts sent to your email.

Daniel Kim covers AI breakthroughs, cybersecurity threats, and consumer-tech launches. He runs Archyworldys’ Lab section, where hands-on reviews, structured data, and expert verdicts drive rich-snippet visibility and affiliate-revenue growth.

You may also like

GameMaker Levels Up With CLI and Claude Code Integration

Pixel & Samsung Smartphones Get Powerful New AI Assistants

Google Pixel Weekly Agenda: May 4-10, 2026 | The Pixel Post

Best Compact Gaming Keyboard: Small Size, Rapid Response

LG 45-Inch 5K OLED Gaming Monitor: A Stunning 330Hz Beauty

Breakthrough Memory Chip Shatters Miniaturization Rules