Microsoft on Tuesday released its first security update of 2026, addressing a total of 114 vulnerabilities, including one actively exploited in the wild. Of these, eight flaws are rated Critical, while 106 are classified as Important. The update covers a range of issues, including 58 privilege escalation vulnerabilities, 22 information disclosure flaws, 21 remote code execution risks, and five spoofing weaknesses. According to Fortra, this January Patch Tuesday ranks as the third-largest in recent history, following the January 2025 and January 2022 updates.
Among the notable flaws is CVE-2026-20805, an information disclosure vulnerability impacting Desktop Window Manager (DWM), with a CVSS score of 5.5. Microsoft’s advisory highlights that exploitation could allow authorized attackers to access sensitive memory information locally, including section addresses from a remote ALPC port. While details on exploitation in the wild remain limited, experts caution that such flaws can undermine operating system security measures such as Address Space Layout Randomization (ASLR), potentially enabling more sophisticated attacks when chained with additional code execution vulnerabilities. DWM has been a frequent target in Patch Tuesday updates, with previous exploits like CVE-2024-30051 used to deploy malware such as QakBot.
The January update also addresses Secure Boot Certificate Expiration (CVE-2026-21265), a flaw that could allow attackers to bypass critical firmware verification mechanisms, emphasizing the need for users to update expiring Windows Secure Boot certificates by June 2026. In addition, Microsoft removed outdated Agere Soft Modem drivers vulnerable to privilege escalation attacks, reinforcing prior removals of similarly affected drivers in 2025. Another critical vulnerability, CVE-2026-20876, affects Windows Virtualization-Based Security (VBS) Enclave, enabling attackers with high privileges to subvert security controls, maintain persistence, and evade detection. Experts recommend immediate patching to preserve the integrity of Windows security boundaries.
Beyond Microsoft, several other vendors issued security updates in early January 2026 to address vulnerabilities affecting a wide range of software and hardware. These include Adobe, AWS, AMD, Arm, Cisco, Dell, Google Chrome, Google Android and Pixel, Linux distributions such as Ubuntu and Red Hat, and security-focused vendors like Fortinet, Trend Micro, and Sophos. The widespread patches reflect ongoing global efforts to mitigate emerging risks, secure critical infrastructure, and protect end users from potential exploitation of known vulnerabilities. Users and organizations are urged to apply these updates promptly to maintain robust security and reduce exposure to evolving cyber threats.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
