Microsoft Patch Tuesday January 2026

16 Jan 2026
January 2026 Microsoft Patch Tuesday

The first edition of the 2026 Microsoft Patch Tuesday is here. The update addresses 114 security vulnerabilities, including three zero-day vulnerabilities.

 

The update is critical as it addresses the following types of vulnerabilities that can be exploited by attackers to orchestrate attacks.

Number 

Type of Vulnerabilities 

57 

Privilege escalation 

22 

Remote code execution 

22 

Information disclosure 

5 

Spoofing 

2 

Denial of Service 

3 Zero day vulnerabilities addressed

CVE-2026-20805

Actively exploited information disclosure vulnerability – Desktop Window Manager

 

The cumulative update has patched one actively exploited zero-day vulnerability in the Desktop Window Manager. By exploiting the vulnerability, an unauthorized actor can disclose sensitive information locally by reading the memory addresses (specific locations in a computer memory) in the remote ALPC port (An Asynchronous Local Procedure Call port plays the role of enabling communication between processes on the same machine).

CVE-2026-21265

Security Feature Bypass vulnerability – Secure Boot Certificate

 

Windows Secure Boot certificates verify the boot components against a database of authorized keys/trusted certificates stored in firmware to ensure that only trusted software runs during the system startup. This is a security feature to prevent malicious software like malware and rootkits from loading during startup.

 

Through the update, Microsoft has replaced expiring Secure Boot certificates for all the applicable Windows 11 24H2 and 25H2 systems.

 

The following are the certificates that will expire soon:

Certificate Authority (CA) 

Location 

Purpose 

Expiration Date 

Microsoft Corporation KEK CA 2011 

KEK 

Signs DB and DBX related updates 

24-06-2026 

Microsoft Corporation UEFI CA 2011 

DB 

Signs Optional ROMs, 3rd party boot loaders, etc. 

27-06-2026 

Microsoft Windows Production PCA 2011 

DB 

Signs Windows Boot Manager 

19-10-2026 

 

CVE-2023-31096

Privilege escalation vulnerability – Windows Agere Soft Modem Driver

 

Windows has been shipping several legacy third-party drivers for ease of compatibility with analog modem and fax hardware. However, an escalation of privilege vulnerability was discovered in some of the drivers, specifically the Agere soft modem drivers agrsm64.sys and agrsm.sys. Microsoft has removed the drivers through its most recent update. Therefore, any device (modems, fax, soft modem, adaptors) dependent on the drivers will stop working on systems that have applied the recent cumulative update. Microsoft has recommended that customers remove dependency on the hardware due to the security concerns that haven’t been resolved.

All the vulnerabilities addressed

The following is a complete list of vulnerabilities addressed in the January 2026 Patch Tuesday update:

Component 

CVE ID 

CVE Title 

Severity 

Microsoft Graphics Component 

CVE-2026-20822 

Windows Graphics Component Elevation of Privilege Vulnerability 

Critical 

Microsoft Office 

CVE-2026-20952 

Microsoft Office Remote Code Execution Vulnerability 

Critical 

Microsoft Office 

CVE-2026-20953 

Microsoft Office Remote Code Execution Vulnerability 

Critical 

Microsoft Office Excel 

CVE-2026-20957 

Microsoft Excel Remote Code Execution Vulnerability 

Critical 

Microsoft Office Excel 

CVE-2026-20955 

Microsoft Excel Remote Code Execution Vulnerability 

Critical 

Microsoft Office Word 

CVE-2026-20944 

Microsoft Word Remote Code Execution Vulnerability 

Critical 

Windows Local Security Authority Subsystem Service (LSASS) 

CVE-2026-20854 

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability 

Critical 

Windows Virtualization-Based Security (VBS) Enclave 

CVE-2026-20876 

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability 

Critical 

Agere Windows Modem Driver 

CVE-2023-31096 

MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability 

Important 

Azure Connected Machine Agent 

CVE-2026-21224 

Azure Connected Machine Agent Elevation of Privilege Vulnerability 

Important 

Azure Core shared client library for Python 

CVE-2026-21226 

Azure Core shared client library for Python Remote Code Execution Vulnerability 

Important 

Capability Access Management Service (camsvc) 

CVE-2026-20835 

Capability Access Management Service (camsvc) Information Disclosure Vulnerability 

Important 

Capability Access Management Service (camsvc) 

CVE-2026-20851 

Capability Access Management Service (camsvc) Information Disclosure Vulnerability 

Important 

Capability Access Management Service (camsvc) 

CVE-2026-20830 

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability 

Important 

Capability Access Management Service (camsvc) 

CVE-2026-21221 

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability 

Important 

Capability Access Management Service (camsvc) 

CVE-2026-20815 

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability 

Important 

Connected Devices Platform Service (Cdpsvc) 

CVE-2026-20864 

Windows Connected Devices Platform Service Elevation of Privilege Vulnerability 

Important 

Desktop Window Manager 

CVE-2026-20805 

Desktop Window Manager Information Disclosure Vulnerability 

Important 

Desktop Window Manager 

CVE-2026-20871 

Desktop Windows Manager Elevation of Privilege Vulnerability 

Important 

Dynamic Root of Trust for Measurement (DRTM) 

CVE-2026-20962 

Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability 

Important 

Graphics Kernel 

CVE-2026-20836 

DirectX Graphics Kernel Elevation of Privilege Vulnerability 

Important 

Graphics Kernel 

CVE-2026-20814 

DirectX Graphics Kernel Elevation of Privilege Vulnerability 

Important 

Host Process for Windows Tasks 

CVE-2026-20941 

Host Process for Windows Tasks Elevation of Privilege Vulnerability 

Important 

Inbox COM Objects 

CVE-2026-21219 

Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability 

Important 

Mariner 

CVE-2025-68756 

block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock 

Important 

Mariner 

CVE-2025-68759 

wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() 

Important 

Mariner 

CVE-2025-68766 

irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() 

Important 

Mariner 

CVE-2025-68753 

ALSA: firewire-motu: add bounds check in put_user loop for DSP events 

Important 

Microsoft Office 

CVE-2026-20943 

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-20949 

Microsoft Excel Security Feature Bypass Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-20950 

Microsoft Excel Remote Code Execution Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-20956 

Microsoft Excel Remote Code Execution Vulnerability 

Important 

Microsoft Office Excel 

CVE-2026-20946 

Microsoft Excel Remote Code Execution Vulnerability 

Important 

Microsoft Office SharePoint 

CVE-2026-20958 

Microsoft SharePoint Information Disclosure Vulnerability 

Important 

Microsoft Office SharePoint 

CVE-2026-20959 

Microsoft SharePoint Server Spoofing Vulnerability 

Important 

Microsoft Office SharePoint 

CVE-2026-20947 

Microsoft SharePoint Server Remote Code Execution Vulnerability 

Important 

Microsoft Office SharePoint 

CVE-2026-20951 

Microsoft SharePoint Server Remote Code Execution Vulnerability 

Important 

Microsoft Office SharePoint 

CVE-2026-20963 

Microsoft SharePoint Remote Code Execution Vulnerability 

Important 

Microsoft Office Word 

CVE-2026-20948 

Microsoft Word Remote Code Execution Vulnerability 

Important 

Printer Association Object 

CVE-2026-20808 

Windows File Explorer Elevation of Privilege Vulnerability 

Important 

SQL Server 

CVE-2026-20803 

Microsoft SQL Server Elevation of Privilege Vulnerability 

Important 

Tablet Windows User Interface (TWINUI) Subsystem 

CVE-2026-20827 

Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability 

Important 

Tablet Windows User Interface (TWINUI) Subsystem 

CVE-2026-20826 

Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability 

Important 

Windows Admin Center 

CVE-2026-20965 

Windows Admin Center Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-20831 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-20860 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows Ancillary Function Driver for WinSock 

CVE-2026-20810 

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 

Important 

Windows Client-Side Caching (CSC) Service 

CVE-2026-20839 

Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability 

Important 

Windows Clipboard Server 

CVE-2026-20844 

Windows Clipboard Server Elevation of Privilege Vulnerability 

Important 

Windows Cloud Files Mini Filter Driver 

CVE-2026-20940 

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 

Important 

Windows Cloud Files Mini Filter Driver 

CVE-2026-20857 

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 

Important 

Windows Common Log File System Driver 

CVE-2026-20820 

Windows Common Log File System Driver Elevation of Privilege Vulnerability 

Important 

Windows Deployment Services 

CVE-2026-0386 

Windows Deployment Services Remote Code Execution Vulnerability 

Important 

Windows DWM 

CVE-2026-20842 

Microsoft DWM Core Library Elevation of Privilege Vulnerability 

Important 

Windows Error Reporting 

CVE-2026-20817 

Windows Error Reporting Service Elevation of Privilege Vulnerability 

Important 

Windows File Explorer 

CVE-2026-20939 

Windows File Explorer Information Disclosure Vulnerability 

Important 

Windows File Explorer 

CVE-2026-20932 

Windows File Explorer Information Disclosure Vulnerability 

Important 

Windows File Explorer 

CVE-2026-20937 

Windows File Explorer Information Disclosure Vulnerability 

Important 

Windows File Explorer 

CVE-2026-20823 

Windows File Explorer Information Disclosure Vulnerability 

Important 

Windows Hello 

CVE-2026-20852 

Windows Hello Tampering Vulnerability 

Important 

Windows Hello 

CVE-2026-20804 

Windows Hello Tampering Vulnerability 

Important 

Windows HTTP.sys 

CVE-2026-20929 

Windows HTTP.sys Elevation of Privilege Vulnerability 

Important 

Windows Hyper-V 

CVE-2026-20825 

Windows Hyper-V Information Disclosure Vulnerability 

Important 

Windows Installer 

CVE-2026-20816 

Windows Installer Elevation of Privilege Vulnerability 

Important 

Windows Internet Connection Sharing (ICS) 

CVE-2026-20828 

Windows rndismp6.sys Information Disclosure Vulnerability 

Important 

Windows Kerberos 

CVE-2026-20849 

Windows Kerberos Elevation of Privilege Vulnerability 

Important 

Windows Kerberos 

CVE-2026-20833 

Windows Kerberos Information Disclosure Vulnerability 

Important 

Windows Kernel 

CVE-2026-20838 

Windows Kernel Information Disclosure Vulnerability 

Important 

Windows Kernel 

CVE-2026-20818 

Windows Kernel Information Disclosure Vulnerability 

Important 

Windows Kernel Memory 

CVE-2026-20809 

Windows Kernel Memory Elevation of Privilege Vulnerability 

Important 

Windows Kernel-Mode Drivers 

CVE-2026-20859 

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability 

Important 

Windows LDAP – Lightweight Directory Access Protocol 

CVE-2026-20812 

LDAP Tampering Vulnerability 

Important 

Windows Local Security Authority Subsystem Service (LSASS) 

CVE-2026-20875 

Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability 

Important 

Windows Local Session Manager (LSM) 

CVE-2026-20869 

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20924 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20874 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20862 

Windows Management Services Information Disclosure Vulnerability 

Important 

Windows Management Services 

CVE-2026-20866 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20867 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20861 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20865 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20858 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20918 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20877 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20923 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Management Services 

CVE-2026-20873 

Windows Management Services Elevation of Privilege Vulnerability 

Important 

Windows Media 

CVE-2026-20837 

Windows Media Remote Code Execution Vulnerability 

Important 

Windows Motorola Soft Modem Driver 

CVE-2024-55414 

Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability 

Important 

Windows NDIS 

CVE-2026-20936 

Windows NDIS Information Disclosure Vulnerability 

Important 

Windows NTFS 

CVE-2026-20922 

Windows NTFS Remote Code Execution Vulnerability 

Important 

Windows NTFS 

CVE-2026-20840 

Windows NTFS Remote Code Execution Vulnerability 

Important 

Windows NTLM 

CVE-2026-20925 

NTLM Hash Disclosure Spoofing Vulnerability 

Important 

Windows NTLM 

CVE-2026-20872 

NTLM Hash Disclosure Spoofing Vulnerability 

Important 

Windows Remote Assistance 

CVE-2026-20824 

Windows Remote Assistance Security Feature Bypass Vulnerability 

Important 

Windows Remote Procedure Call 

CVE-2026-20821 

Remote Procedure Call Information Disclosure Vulnerability 

Important 

Windows Remote Procedure Call Interface Definition Language (IDL) 

CVE-2026-20832 

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability 

Important 

Windows Routing and Remote Access Service (RRAS) 

CVE-2026-20868 

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability 

Important 

Windows Routing and Remote Access Service (RRAS) 

CVE-2026-20843 

Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability 

Important 

Windows Secure Boot 

CVE-2026-21265 

Secure Boot Certificate Expiration Security Feature Bypass Vulnerability 

Important 

Windows Server Update Service 

CVE-2026-20856 

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability 

Important 

Windows Shell 

CVE-2026-20834 

Windows Spoofing Vulnerability 

Important 

Windows Shell 

CVE-2026-20847 

Microsoft Windows File Explorer Spoofing Vulnerability 

Important 

Windows SMB Server 

CVE-2026-20926 

Windows SMB Server Elevation of Privilege Vulnerability 

Important 

Windows SMB Server 

CVE-2026-20921 

Windows SMB Server Elevation of Privilege Vulnerability 

Important 

Windows SMB Server 

CVE-2026-20919 

Windows SMB Server Elevation of Privilege Vulnerability 

Important 

Windows SMB Server 

CVE-2026-20927 

Windows SMB Server Denial of Service Vulnerability 

Important 

Windows SMB Server 

CVE-2026-20848 

Windows SMB Server Elevation of Privilege Vulnerability 

Important 

Windows SMB Server 

CVE-2026-20934 

Windows SMB Server Elevation of Privilege Vulnerability 

Important 

Windows Telephony Service 

CVE-2026-20931 

Windows Telephony Service Elevation of Privilege Vulnerability 

Important 

Windows TPM 

CVE-2026-20829 

TPM Trustlet Information Disclosure Vulnerability 

Important 

Windows Virtualization-Based Security (VBS) Enclave 

CVE-2026-20938 

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability 

Important 

Windows Virtualization-Based Security (VBS) Enclave 

CVE-2026-20935 

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability 

Important 

Windows Virtualization-Based Security (VBS) Enclave 

CVE-2026-20819 

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability 

Important 

Windows WalletService 

CVE-2026-20853 

Windows WalletService Elevation of Privilege Vulnerability 

Important 

Windows Win32K – ICOMP 

CVE-2026-20811 

Win32k Elevation of Privilege Vulnerability 

Important 

Windows Win32K – ICOMP 

CVE-2026-20870 

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability 

Important 

Windows Win32K – ICOMP 

CVE-2026-20920 

Win32k Elevation of Privilege Vulnerability 

Important 

Windows Win32K – ICOMP 

CVE-2026-20863 

Win32k Elevation of Privilege Vulnerability 

Important 

Mariner 

CVE-2026-21444 

libtpms returns wrong initialization vector when certain symmetric ciphers are used 

Moderate 

Mariner 

CVE-2025-68758 

backlight: led-bl: Add devlink to supplier LEDs 

Moderate 

Mariner 

CVE-2025-68757 

drm/vgem-fence: Fix potential deadlock on release 

Moderate 

Mariner 

CVE-2025-68764 

NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags 

Moderate 

Mariner 

CVE-2025-68763 

crypto: starfive – Correctly handle return of sg_nents_for_len 

Moderate 

Mariner 

CVE-2025-68755 

staging: most: remove broken i2c driver 

Moderate 

Mariner 

CVE-2025-68765 

mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() 

Moderate 

Microsoft Edge (Chromium-based) 

CVE-2026-0628 

Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag 

Unknown 

SharkStriker’s recommendations

Since the cumulative update addresses several critical and zero-day vulnerabilities, it is highly recommended to immediately apply the patches.

The following are some of the general actions we have performed:

  • Round-the-clock security monitoring of the Microsoft environment and the rest of the infrastructure for pre-emptive threat detection and response.  
  • Continuous threat hunting based on Microsoft’s Threat Analytics report, and Indicators of Compromise and Indicators of Attack by CISA and other reputable sources.
  • Configuration of detection mechanisms with industry best practices for early discovery of risks and quick, precise, and timely action on threats.
  • Continuous assessment-based improvement of security posture with recommendations.

Get in Touch With us

We have explored what risk tolerance and risk appetite are and how important they are together in helping businesses align cybersecurity with their business goals. It can help CISOs, and C-suite make informed investment decisions for cybersecurity.

LEARN MORE