Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
Key Points:
- Microsoft released its January 2026 Patch Tuesday updates addressing 114 security vulnerabilities, including one actively exploited zero-day and two publicly disclosed zero-day flaws.
- Among the fixes are eight critical vulnerabilities: six are remote code execution flaws and two are elevation-of-privilege issues. Across the whole release, 57 elevation-of-privilege and 22 remote code execution vulnerabilities were patched.
- The actively exploited zero-day (CVE-2026-20805) affects the Desktop Window Manager, allowing local attackers to disclose sensitive information by reading user-mode memory associated with the remote ALPC port.
- Two publicly disclosed zero-days include a Secure Boot certificate expiration issue (CVE-2026-21265) threatening boot security if systems are not