Article Details

Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws. Today is Microsoft's January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses eight "Critical" vulnerabilities, 6 of which are remote code execution flaws and 2 are elevation-of-privilege flaws. The number of bugs in each vulnerability category is listed below: When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (1 flaw) and Mariner vulnerabilities fixed earlier this month. 3 zero-days, one exploited This month's Patch Tuesday fixes one actively exploited and two publicly disclosed zero-day vulnerabilities. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available. The actively exploited zero-day is: CVE-2026-20805 - Desktop Window Manager Information Disclosure Vulnerability Microsoft has patched an actively exploited information disclosure flaw in the Desktop Window Manager. "Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally," explains Microsoft. Microsoft says that successfully exploiting the flaw allows attackers to read memory addresses associated with the remote ALPC port. "The type of information that could be disclosed if an attacker successfully exploited this vulnerability is a section address from a remote ALPC port which is user-mode memory," continued Microsoft. Microsoft has attributed the flaw to Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC) but has not shared how the flaw was exploited. The publicly disclosed zero-day flaws are: CVE-2026-21265 - Secure Boot Certificate Expiration Security Feature Bypass Vulnerability Microsoft is warning that Windows Secure Boot certificates issued in 2011 are nearing expiration, and systems that are not updated have increased risk of threat actors bypassing Secure Boot. The following certificates are nearing expiration The security updates renew the affected certificates to preserve the Secure Boot trust chain and allow continued verification of boot components. Microsoft has previously disclosed this vulnerability in a June advisory titled "Windows Secure Boot certificate expiration and CA updates". CVE-2023-31096 - MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability As part of the October Patch Tuesday, Microsoft previously warned of actively exploited vulnerabilities in a third-party Agere Modem driver that ships with supported Windows versions and said they would be removed in a future update. These vulnerabilities were exploited to gain administrative privileges on compromised systems. As part of today's Patch Tuesday updates, Microsoft has now removed these vulnerable drivers from Windows. "Microsoft is aware of vulnerabilities in the third party Agere Soft Modem drivers that ship natively with supported Windows operating systems," explains Microsoft. "This is an announcement of the removal of agrsm64.sys and agrsm.sys drivers. The drivers have been removed in the January 2026 cumulative update." Microsoft attributes this to Zeze with TeamT5. Recent updates from other companies Other vendors who released updates or advisories in January 2026 include: The January 2026 Patch Tuesday Security Updates Below is the complete list of resolved vulnerabilities in the January 2026 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here. Update 12/10/25: Our subsection title about the zero-days incorrectly said two were exploited, instead of one. Secrets Security Cheat Sheet: From Sprawl to Control Whether you're cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start. Get the cheat sheet and take the guesswork out of secrets management.