Microsoft has kicked off 2026 with a massive security update, addressing a total of 114 vulnerabilities in its January Patch Tuesday release. The update includes eight critical flaws and 106 important severity vulnerabilities, covering a wide array of components from Windows NTFS to the Cloud Files Mini Filter Driver.
Security teams should prioritize this update immediately, as Microsoft has confirmed that three zero-day vulnerabilities are included in the batch, one of which is already seeing active exploitation in the wild.
The January update breaks down by vulnerability class as follows:
- 57 Elevation of Privilege vulnerabilities
- 22 Remote Code Execution vulnerabilities
- 22 Information Disclosure vulnerabilities
- 5 Spoofing vulnerabilities
- 3 Security Feature Bypass vulnerabilities
- 2 Denial of Service vulnerabilities
The most pressing item in this month’s release is CVE-2026-20805, an Information Disclosure vulnerability in the Desktop Window Manager (DWM). According to the advisory, an unauthenticated attacker can use the flaw to expose a section address from a remote ALPC port, leaking user-mode memory. On its own an address leak does not give code execution, but it is the kind of primitive used to defeat ASLR before chaining into a memory-corruption bug, so it should not be treated as low impact just because of its category.
The Cybersecurity and Infrastructure Security Agency (CISA) has already added this flaw to its Known Exploited Vulnerabilities (KEV) Catalog, confirming active abuse by threat actors. CISA has issued a deadline, urging users to patch this specific vulnerability before February 3, 2026.
Two other zero-days were publicly disclosed prior to a fix being available:
- Agere Soft Modem Driver (CVE-2023-31096): this older CVE covers third-party modem drivers that ship in-box with Windows. Microsoft noted that “vulnerabilities in the third-party Agere Soft Modem drivers” could allow attackers to gain SYSTEM privileges. Rather than patching the code, Microsoft is “removing agrsm64.sys and agrsm.sys drivers” entirely, so any hardware that still relied on them loses its driver after the update.
- Secure Boot Bypass (CVE-2026-21265): this entry tracks the expiration of the Secure Boot certificates Microsoft issued in 2011. Microsoft warns that systems that have not been updated face an “increased risk of threat actors bypassing Secure Boot”.
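Both publicly disclosed zero-days are fixed by changing the state of the machine rather than by a code patch (the Agere driver files are deleted; the Secure Boot databases need the 2023 certificates), so they are worth verifying after deployment. The PowerShell below is an added example written for this article, not code from Microsoft or the original post. It assumes the Agere files live under `System32\drivers`, that the driver service (if any) references `agrsm` in its path, and that the presence of the “Windows UEFI CA 2023” and “Microsoft Corporation KEK 2K CA 2023” subjects in the db and KEK variables indicates the 2023 certificate rollout has reached the machine; it must run elevated on a UEFI system.

```powershell
# Added post-patch check for the two publicly disclosed zero-days (example code, not Microsoft's).
# Assumptions: driver files under System32\drivers; the 2023 certificate subjects named below
# are what the Secure Boot rollout installs. Run from an elevated PowerShell on a UEFI machine.

$results = [ordered]@{}

# 1. Agere Soft Modem driver (CVE-2023-31096): the fix removes agrsm64.sys and agrsm.sys,
#    so neither file should remain and no driver service should still point at them.
$driverDir  = Join-Path $env:SystemRoot 'System32\drivers'
$agereFiles = 'agrsm64.sys', 'agrsm.sys' |
    ForEach-Object { Join-Path $driverDir $_ } |
    Where-Object  { Test-Path $_ }
$results['AgereDriverFilesPresent'] = @($agereFiles)          # expected: empty after the update

$agereServices = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -match 'agrsm' }               # assumption: path contains "agrsm"
$results['AgereDriverServices'] = @($agereServices | Select-Object Name, State, PathName)

# 2. Secure Boot certificates (CVE-2026-21265): confirm Secure Boot is on and that the
#    signature database (db) and KEK carry the 2023 CAs that replace the expiring 2011 ones.
#    The 2011 entries are expected to remain alongside them; what matters is that the
#    2023 entries are present. Get-SecureBootUEFI throws on legacy BIOS/CSM boot or non-admin.
try {
    $results['SecureBootEnabled'] = Confirm-SecureBootUEFI

    # Certificate subjects are stored as ASCII inside the DER blobs, so a plain string match works.
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $kek = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).Bytes)

    $results['Db_Has_WindowsPCA2011'] = $db  -match 'Microsoft Windows Production PCA 2011'
    $results['Db_Has_WindowsCA2023']  = $db  -match 'Windows UEFI CA 2023'
    $results['Kek_Has_KEK2K_CA2023']  = $kek -match 'Microsoft Corporation KEK 2K CA 2023'
}
catch {
    $results['SecureBootError'] = $_.Exception.Message
}

# Summarise: a host is "done" for these two items when no Agere artifacts remain and
# the 2023 db and KEK certificates are both present with Secure Boot enabled.
$results['AgereRemoved']       = ($results['AgereDriverFilesPresent'].Count -eq 0) -and
                                 ($results['AgereDriverServices'].Count -eq 0)
$results['SecureBoot2023Ready'] = ($results['SecureBootEnabled'] -eq $true) -and
                                  ($results['Db_Has_WindowsCA2023'] -eq $true) -and
                                  ($results['Kek_Has_KEK2K_CA2023'] -eq $true)

[pscustomobject]$results | Format-List
```

Run it on a representative sample of patched hosts (or push it through your endpoint management tool) and treat `AgereRemoved` or `SecureBoot2023Ready` coming back `False` as a signal to investigate that machine rather than as proof that the update failed; firmware that rejects the new certificates, or a missing reboot, can leave the Secure Boot side incomplete even after the update is installed.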
Beyond the zero-days, the update patches several critical Remote Code Execution (RCE) flaws that could allow attackers to take over systems.
Microsoft Office is a major target this month. Several vulnerabilities (CVE-2026-20944, CVE-2026-20952, CVE-2026-20953, CVE-2026-20955, CVE-2026-20957) affect Word and Excel. These flaws, ranging from “use-after-free” bugs to “integer underflows,” generally require an attacker to convince a user to open a malicious file.
Perhaps more concerning for enterprise administrators is CVE-2026-20854, a critical RCE in the Windows Local Security Authority Subsystem Service (LSASS). LSASS is the gatekeeper of Windows security, handling authentication and sensitive credentials. The report notes that an “authorized attacker” could exploit a use-after-free flaw to “execute code over a network”. Because LSASS runs as SYSTEM and holds cached credential material, code execution inside it amounts to full compromise of the host and of every credential it is holding.
With active exploitation confirmed for at least one vulnerability, administrators are advised not to delay testing and deploying these patches.