Microsoft Patch Tuesday January 2026 Fixes 114 Vulnerabilities, Including 3 Zero-Days - cyberpress.org
By AnuPriya
January 14, 2026
Categories: Cyber Security News, Microsoft, Vulnerabilities
Microsoft’s January 2026 Patch Tuesday release delivers fixes for 114 security vulnerabilities across its product ecosystem, including three zero-day flaws that require immediate attention from enterprise security teams.
The substantial update addresses critical remote code execution vulnerabilities in core Windows services and Office applications, with particular emphasis on privilege-escalation vulnerabilities that dominate this month’s security landscape.
Zero-Day Vulnerabilities Demand Priority Patching
Security researchers have identified three zero-day vulnerabilities in the January 2026 release, though none were actively exploited at the time of disclosure.
CVE-2026-20805 affects the Desktop Windows Manager, creating information disclosure risks that Check Point researchers rate as high severity despite Microsoft’s “Important” classification.
This flaw could allow unauthorized access to sensitive system data, making it a priority for workstations handling confidential information.
CVE-2026-21265 targets Windows Digital Media components, enabling local privilege escalation attacks commonly chained with other exploits in sophisticated attack campaigns.
The third zero-day, CVE-2023-31096, appears as a legacy vulnerability in cumulative updates despite its earlier assignment, suggesting Microsoft discovered additional attack vectors that require broader patching.
| CVE ID | Component | Type | Severity | Key Notes |
| --- | --- | --- | --- | --- |
| CVE-2026-20805 | Desktop Windows Manager | Information Disclosure | Important (High per Check Point) | Allows unauthorized access to sensitive data; patched January 13, 2026 |
| CVE-2026-21265 | Windows Digital Media | Elevation of Privilege | Not specified | Enables local privilege escalation |
| CVE-2023-31096 | Unknown (legacy) | Zero-day (contextual) | Not specified | Included in January 2026 updates despite earlier assignment |
The release includes 12 critical-rated CVEs, with remote code execution vulnerabilities posing the most severe organizational risk.
CVE-2026-20854 stands out as particularly dangerous, affecting the Windows Local Security Authority Subsystem Service (LSASS) via a use-after-free vulnerability that is exploitable over the network.
LSASS handles authentication requests, making this vulnerability a prime target for credential theft and lateral movement in enterprise environments.
Microsoft Office applications face multiple critical threats, including vulnerabilities in Word and Excel that enable code execution via malicious documents.
CVE-2026-20944 exploits an out-of-bounds read flaw in Word, while CVE-2026-20953 and CVE-2026-20952 leverage use-after-free conditions in the broader Office suite.
Excel suffers from pointer manipulation issues (CVE-2026-20955) and integer underflow vulnerabilities (CVE-2026-20957) that attackers could weaponize in phishing campaigns.
| CVE ID | Affected Component | Description Summary | Severity |
| --- | --- | --- | --- |
| CVE-2026-20854 | Windows LSASS | Use-after-free RCE | Critical |
| CVE-2026-20944 | Microsoft Word | Out-of-bounds read RCE | Critical |
| CVE-2026-20953 | Microsoft Office | Use-after-free RCE | Critical |
| CVE-2026-20955 | Microsoft Excel | Pointer manipulation RCE | Critical |
| CVE-2026-20957 | Microsoft Excel | Integer underflow RCE | Critical |
| CVE-2026-20822 | Windows Graphics Component | Use-after-free EoP | Critical |
| CVE-2026-20876 | Windows VBS Enclave | Use-after-free EoP | Critical |
Elevation-of-privilege flaws account for the majority of January’s patches, with 57 vulnerabilities that allow attackers to escalate from limited user accounts to system-level access.
Windows kernel drivers and management services contain more than 30 such vulnerabilities, often exploitable via race conditions or use-after-free errors.
The SMB Server, Win32k subsystem, and various management services require particular attention, as these components frequently serve as entry points for ransomware deployment and persistent access mechanisms.
Information disclosure bugs (22 CVEs) and security feature bypasses (3 CVEs) round out the release, with notable issues in File Explorer, Virtualization-Based Security (VBS), and Windows Hello authentication systems.
These vulnerabilities, while less severe than remote code execution flaws, still enable attackers to gather intelligence for targeted attacks and circumvent defensive measures.
Security teams should prioritize patching internet-facing systems, beginning with Windows Server Update Services (WSUS), due to CVE-2026-20856, which allows remote code execution.
SMB servers require immediate attention due to multiple elevation-of-privilege vulnerabilities affecting this critical file-sharing service.
Office endpoints should follow, as vulnerabilities in the productivity suite are easily exploited via email-based attacks.
Organizations should test updates in staging environments before broad deployment, as Microsoft has historically released patches that cause driver regressions, particularly with components such as the Cloud Files Mini Filter Driver.
Enable automatic updates for consumer devices and unmanaged endpoints to ensure rapid protection.
Security operations centers should monitor the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog, as zero-day flaws in this release may be rapidly weaponized by threat actors seeking to exploit the window between patch availability and installation.
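One way to turn the patching order and KEV monitoring described above into a repeatable triage step, as an added example that is not from the article or from Microsoft. The KEV sample is constructed, the function names are hypothetical, and ranking KEV-listed CVEs ahead of the article's WSUS, SMB, Office order is an assumption.

```python
import json

# Subset of this release, copied from the article's tables: CVE -> (component, impact).
RELEASE = {
    "CVE-2026-20856": ("Windows Server Update Service (WSUS)", "Remote Code Execution"),
    "CVE-2026-20919": ("Windows SMB Server", "Elevation of Privilege"),
    "CVE-2026-20944": ("Microsoft Word", "Remote Code Execution"),
    "CVE-2026-20955": ("Microsoft Excel", "Remote Code Execution"),
    "CVE-2026-20805": ("Desktop Window Manager", "Information Disclosure"),
    "CVE-2026-20811": ("Win32k", "Elevation of Privilege"),
}

# Patch order recommended in the article: WSUS, then SMB servers, then Office endpoints.
TIERS = [("WSUS",), ("SMB",), ("Word", "Excel", "Office")]

# CONSTRUCTED sample shaped like the CISA KEV JSON feed (top-level "vulnerabilities"
# list keyed by "cveID"). Entries and dates are made up for the demo, not real listings.
SAMPLE_KEV = json.dumps({"catalogVersion": "constructed-sample", "vulnerabilities": [
    {"cveID": "cve-2026-20805 ", "dateAdded": "2026-01-20", "dueDate": "2026-02-10"},
    {"cveID": "CVE-0000-00000", "dateAdded": "2026-01-20", "dueDate": "2026-02-10"},
]})


def kev_index(kev_json):
    """Map normalized CVE ID -> KEV entry; skips malformed records without a cveID."""
    feed = json.loads(kev_json)
    return {v["cveID"].strip().upper(): v
            for v in feed.get("vulnerabilities", []) if v.get("cveID")}


def tier_of(component):
    """Rank a component by the article's patch order; unlisted components go last."""
    for rank, keywords in enumerate(TIERS):
        if any(k in component for k in keywords):
            return rank
    return len(TIERS)


def patch_queue(release, kev_json):
    """Order CVEs: KEV-listed first (assumed policy), then tier, then CVE ID."""
    kev = kev_index(kev_json)
    rows = []
    for cve, (component, impact) in release.items():
        entry = kev.get(cve.upper())
        rows.append({"cve": cve, "component": component, "impact": impact,
                     "in_kev": entry is not None,
                     "due": entry.get("dueDate") if entry else None,
                     "tier": tier_of(component)})
    rows.sort(key=lambda r: (not r["in_kev"], r["tier"], r["cve"]))
    return rows


if __name__ == "__main__":
    for r in patch_queue(RELEASE, SAMPLE_KEV):
        flag = f"KEV due {r['due']}" if r["in_kev"] else "-"
        print(f"{r['cve']:<16} tier={r['tier']} {flag:<20} {r['component']}")
```

In practice, replace `SAMPLE_KEV` with the catalog JSON downloaded from CISA and extend `RELEASE` with the full CVE list for the month.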
| CVE Number | CVE Title | Impact |
| --- | --- | --- |
| CVE-2026-20822 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20876 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20944 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20953 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20955 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20854 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20952 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20957 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20962 | Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-21265 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability | Security Feature Bypass |
| CVE-2026-0386 | Windows Deployment Services Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20803 | Microsoft SQL Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20965 | Windows Admin Center Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20804 | Windows Hello Tampering Vulnerability | Tampering |
| CVE-2026-20805 | Desktop Window Manager Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20808 | Windows File Explorer Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20809 | Windows Kernel Memory Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20810 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20811 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20812 | LDAP Tampering Vulnerability | Tampering |
| CVE-2026-20814 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20815 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20816 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20817 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20818 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20819 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20820 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20821 | Remote Procedure Call Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20823 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20824 | Windows Remote Assistance Security Feature Bypass Vulnerability | Security Feature Bypass |
| CVE-2026-20825 | Windows Hyper-V Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20826 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability | Elevation of Privilege |
| CVE-2026-20827 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20828 | Windows rndismp6.sys Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20829 | TPM Trustlet Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20831 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20832 | Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20833 | Windows Kerberos Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20834 | Windows Spoofing Vulnerability | Spoofing |
| CVE-2026-20835 | Capability Access Management Service (camsvc) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20836 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20837 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20838 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20839 | Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20840 | Windows NTFS Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20842 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20844 | Windows Clipboard Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2023-31096 | MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20847 | Microsoft Windows File Explorer Spoofing Vulnerability | Spoofing |
| CVE-2026-20851 | Capability Access Management Service (camsvc) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20852 | Windows Hello Tampering Vulnerability | Tampering |
| CVE-2026-20856 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20857 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20858 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20859 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20860 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20864 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20865 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20869 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20875 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Denial of Service |
| CVE-2026-20877 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20918 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20919 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20920 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20921 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20922 | Windows NTFS Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20923 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20924 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20925 | NTLM Hash Disclosure Spoofing Vulnerability | Spoofing |
| CVE-2026-20926 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20927 | Windows SMB Server Denial of Service Vulnerability | Denial of Service |
| CVE-2026-20932 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20934 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20938 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20940 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20943 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Remote Code Execution |
| CVE-2026-20946 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20947 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20951 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing |
| CVE-2026-20956 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20958 | Microsoft SharePoint Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20830 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21221 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21224 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20843 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20848 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20849 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20853 | Windows WalletService Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21219 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20861 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20862 | Windows Management Services Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20863 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20866 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20867 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20868 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20870 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20871 | Desktop Windows Manager Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20872 | NTLM Hash Disclosure Spoofing Vulnerability | Spoofing |
| CVE-2026-20873 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20874 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2024-55414 | Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20929 | Windows HTTP.sys Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20931 | Windows Telephony Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20935 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20936 | Windows NDIS Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20937 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20939 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20948 | Microsoft Word Remote Code Execution Vulnerability | Remote |