Microsoft’s Latest Patch Tuesday Fixes 114 Vulnerabilities
Microsoft has released its “Patch Tuesday” update for January and you should make sure your computer receives these security fixes as soon as possible. This update fixes 114 vulnerabilities in total, including three zero-days (bugs that were actively exploited or publicly disclosed before an official patch was available from the developer).
As reported by BleepingComputer, security vulnerabilities were found in the following categories: 57 elevation of privilege vulnerabilities, three security feature bypass vulnerabilities, 22 remote code execution vulnerabilities, 22 information disclosure vulnerabilities, two denial of service vulnerabilities, and five spoofing vulnerabilities. Six of the remote code execution vulnerabilities and two of the elevation of privilege vulnerabilities are considered “critical.”
Your computer should automatically receive security updates when Patch Tuesday is released, which is around 10 a.m. PT on the second Tuesday of the month. You can check to confirm by going to Start > Settings > Windows Update and selecting Check for Windows Updates
Three zero-days patched in January
One of the three zero days set this month was actively exploited in nature. The flaw, titled CVE-2026-20805, is an information disclosure vulnerability in Desktop Windows Manager that allows attackers to access memory addresses from a remote ALPC port. Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) were credited with identifying this bug.
What do you think of it so far?
The other two zero days were made public. CVE-2026-21265 is a security bypass feature vulnerability that allows malicious actors to bypass Secure Boot on systems that have not updated certificates issued in 2011 and about to expire. CVE-2023-31096 is an elevation of privilege vulnerability in third-party Agere Soft Modem drivers provided with installed supported Windows operating systems. Microsoft has removed these drivers from Windows.
Microsoft released other non-security updates today, as well as additional fixes for the Microsoft Edge and Mariner vulnerabilities earlier this month.
