Microsoft January 2026 Patch Tuesday Fixes 114 Flaws, Including 3 Zero-Days - gbhackers.com
By Divya
January 14, 2026
Microsoft has released its January 2026 Patch Tuesday security updates, addressing 114 vulnerabilities across Windows, Office, and other products.
The update includes three actively exploited zero-day vulnerabilities and 12 critical-severity flaws that require immediate attention from system administrators.
The January 2026 release addresses a diverse range of security issues, with elevation of privilege vulnerabilities representing the largest category at 57 flaws.
Remote code execution vulnerabilities account for 22 issues, while information disclosure bugs total 22.
The breakdown includes two denial-of-service flaws, five spoofing vulnerabilities, three security feature bypass issues, and three tampering vulnerabilities.
According to Microsoft, Critical-severity vulnerabilities primarily affect Windows core services and Microsoft Office applications.
| CVE ID | Affected Component | Description | Severity |
|---|---|---|---|
| CVE-2026-20854 | Windows LSASS | Use-after-free RCE exploitable over networks | Critical |
| CVE-2026-20944 | Microsoft Word | Out-of-bounds read RCE | Critical |
| CVE-2026-20953 | Microsoft Office | Use-after-free RCE | Critical |
| CVE-2026-20952 | Microsoft Office | Use-after-free RCE | Critical |
| CVE-2026-20955 | Microsoft Excel | Pointer handling RCE | Critical |
| CVE-2026-20957 | Microsoft Excel | Integer underflow RCE | Critical |
| CVE-2026-20822 | Windows Graphics Component | Use-after-free elevation of privilege | Critical |
| CVE-2026-20876 | Windows VBS Enclave | Use-after-free elevation of privilege | Critical |
Remote code execution flaws in Windows Local Security Authority Subsystem Service (LSASS) and Office products pose significant risks, particularly for enterprises with internet-facing systems.
Elevation of privilege issues are concentrated in Windows kernel drivers, management services, and SMB server components.
Zero-Day Vulnerabilities Under Active Exploitation
Three zero-day vulnerabilities patched in this release have been exploited in the wild. CVE-2026-20805 affects Desktop Window Manager and enables information disclosure, allowing attackers to access sensitive data without authorization.
Security researchers at Check Point rated this vulnerability as high severity, and Microsoft confirmed active exploitation as of January 13, 2026.
CVE-2026-21265 targets Windows Digital Media components and provides attackers with elevation of privilege capabilities.
This vulnerability is commonly used in chained attacks where initial access is combined with privilege escalation to achieve complete system compromise.
| CVE ID | Component | Type | Severity |
|---|---|---|---|
| CVE-2026-20805 | Desktop Windows Manager | Information Disclosure | Important |
| CVE-2026-21265 | Windows Digital Media | Elevation of Privilege | Not specified |
| CVE-2023-31096 | Windows Agere Soft Modem Driver | Elevation of Privilege | Not specified |
CVE-2023-31096, despite its earlier assignment date, appears in the January 2026 cumulative updates as a backported fix related to the Windows Agere Soft Modem Driver.
| CVE Number | CVE Title | Impact |
|---|---|---|
| CVE-2026-20822 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20876 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20944 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20953 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20955 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20854 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20952 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20957 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20962 | Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-21265 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability | Security Feature Bypass |
| CVE-2026-0386 | Windows Deployment Services Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20803 | Microsoft SQL Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20965 | Windows Admin Center Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20804 | Windows Hello Tampering Vulnerability | Tampering |
| CVE-2026-20805 | Desktop Window Manager Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20808 | Windows File Explorer Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20809 | Windows Kernel Memory Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20810 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20811 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20812 | LDAP Tampering Vulnerability | Tampering |
| CVE-2026-20814 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20815 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20816 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20817 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20818 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20819 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20820 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20821 | Remote Procedure Call Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20823 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20824 | Windows Remote Assistance Security Feature Bypass Vulnerability | Security Feature Bypass |
| CVE-2026-20825 | Windows Hyper-V Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20826 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability | Elevation of Privilege |
| CVE-2026-20827 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20828 | Windows rndismp6.sys Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20829 | TPM Trustlet Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20831 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20832 | Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20833 | Windows Kerberos Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20834 | Windows Spoofing Vulnerability | Spoofing |
| CVE-2026-20835 | Capability Access Management Service (camsvc) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20836 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20837 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20838 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20839 | Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20840 | Windows NTFS Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20842 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20844 | Windows Clipboard Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2023-31096 | Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20847 | Microsoft Windows File Explorer Spoofing Vulnerability | Spoofing |
| CVE-2026-20851 | Capability Access Management Service (camsvc) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20852 | Windows Hello Tampering Vulnerability | Tampering |
| CVE-2026-20856 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20857 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20858 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20859 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20860 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20864 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20865 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20869 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20875 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Denial of Service |
| CVE-2026-20877 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20918 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20919 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20920 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20921 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20922 | Windows NTFS Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20923 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20924 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20925 | NTLM Hash Disclosure Spoofing Vulnerability | Spoofing |
| CVE-2026-20926 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20927 | Windows SMB Server Denial of Service Vulnerability | Denial of Service |
| CVE-2026-20932 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20934 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20938 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20940 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20943 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Remote Code Execution |
| CVE-2026-20946 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20951 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20956 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20959 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing |
| CVE-2026-20963 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20830 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21221 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21224 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20947 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20843 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20848 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20849 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20853 | Windows WalletService Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21219 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20861 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20862 | Windows Management Services Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20863 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20866 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20867 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20868 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20870 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20871 | Desktop Windows Manager Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20872 | NTLM Hash Disclosure Spoofing Vulnerability | Spoofing |
| CVE-2026-20873 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20874 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2024-55414 | Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20929 | Windows HTTP.sys Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20931 | Windows Telephony Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20935 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20936 | Windows NDIS Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20937 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20939 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20948 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20949 | Microsoft Excel Security Feature Bypass Vulnerability | Security Feature Bypass |
| CVE-2026-20950 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20958 | Microsoft SharePoint Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20941 | Host Process for Windows Tasks Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21226 | Azure Core shared client library for Python Remote Code Execution Vulnerability | Remote Code Execution |