Microsoft January 2026 Patch Tuesday Fixes 3 Zero-Days, 114 Security Flaws
BigBlogReport Tech News
Microsoft January 2026 Patch Tuesday Fixes 3 Zero-Days, 114 Security Flaws
By BigBlogReport Cybersecurity Desk
January 2026
Microsoft has released its January 2026 Patch Tuesday security updates, addressing 114 vulnerabilities across its Windows ecosystem. The update includes fixes for three zero-day vulnerabilities, one of which was actively exploited in the wild, while two were publicly disclosed before patches became available.
This month’s release also resolves eight Critical vulnerabilities, highlighting the urgent need for organizations and individual users to apply updates without delay.
Key Highlights – BigBlogReport
- 114 total security flaws fixed
- 3 zero-day vulnerabilities, including 1 actively exploited
- 8 Critical vulnerabilities
- 6 Remote Code Execution (RCE)
- 2 Elevation of Privilege (EoP)
Vulnerability Breakdown
According to Microsoft, the patched vulnerabilities are categorized as follows:
- 57 Elevation of Privilege vulnerabilities
- 3 Security Feature Bypass vulnerabilities
- 22 Remote Code Execution vulnerabilities
- 22 Information Disclosure vulnerabilities
- 2 Denial of Service vulnerabilities
- 5 Spoofing vulnerabilities
Elevation of Privilege vulnerabilities remain the most prevalent, reflecting attackers’ continued focus on gaining higher system-level access after initial compromise.
Three Zero-Days Fixed in January 2026
Microsoft defines a zero-day vulnerability as one that is publicly disclosed or actively exploited before an official security patch is released. January’s Patch Tuesday addresses three such vulnerabilities.
Actively Exploited Zero-Day
CVE-2026-20805 – Desktop Window Manager Information Disclosure
Microsoft confirmed that CVE-2026-20805 was actively exploited prior to this month’s update. The vulnerability affects Desktop Window Manager (DWM) and allows an authorized attacker to disclose sensitive information locally.
“Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally,” Microsoft stated.
Successful exploitation enables attackers to read memory addresses associated with a remote ALPC port, potentially exposing user-mode memory data.
The vulnerability was discovered by the Microsoft Threat Intelligence Center (MSTIC) in collaboration with the Microsoft Security Response Center (MSRC). Microsoft has not disclosed technical details regarding how the flaw was exploited.
Publicly Disclosed Zero-Day Vulnerabilities
CVE-2026-21265 – Secure Boot Certificate Expiration Bypass
Microsoft warned that Windows Secure Boot certificates issued in 2011 are approaching expiration, which could allow threat actors to bypass Secure Boot protections on unpatched systems.
Certificates Nearing Expiration
| Certificate Authority | Location | Purpose | Expiration Date |
|---|---|---|---|
| Microsoft Corporation KEK CA 2011 | KEK | Signs DB and DBX updates | June 24, 2026 |
| Microsoft Corporation UEFI CA 2011 | DB | Signs third-party boot loaders | June 27, 2026 |
| Microsoft Windows Production PCA 2011 | DB | Signs Windows Boot Manager | October 19, 2026 |
The January 2026 security updates renew these certificates, preserving the Secure Boot trust chain and ensuring continued verification of boot components.
Microsoft previously detailed this issue in a June advisory titled “Windows Secure Boot certificate expiration and CA updates.”
CVE-2023-31096 – Windows Agere Soft Modem Driver EoP
Microsoft also resolved CVE-2023-31096, an Elevation of Privilege vulnerability affecting a third-party Agere Soft Modem driver bundled with supported Windows versions.
Microsoft had previously warned that attackers were exploiting this vulnerability to gain administrative privileges on compromised systems. The company also announced plans to remove the vulnerable driver, which are now reflected in this update cycle.
Non-Security Updates Released
In addition to security fixes, Microsoft released non-security cumulative updates, including:
- Windows 11: KB5074109, KB5073455
- Windows 10 Extended Security Update: KB5073724
Users can review Microsoft’s dedicated documentation for details on performance improvements and feature refinements.
BigBlogReport Analysis
With active exploitation confirmed and Secure Boot protections at risk on unpatched systems, Microsoft’s January 2026 Patch Tuesday should be treated as critical. Organizations should prioritize patching internet-facing systems and endpoints with elevated privileges.
As cyber threats grow more sophisticated, timely patch management remains one of the strongest defenses against privilege escalation, data exposure, and system compromise.
Stay ahead of cyber threats.
Follow BigBlogReport for trusted tech news, cybersecurity updates, and in-depth analysis shaping the digital world.
