
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Published: 14 January 2026 at 09:38:00

Alert date: 14 January 2026 at 11:36:08

Source: thehackernews.com


Operating Systems, Zero-Day Vulnerabilities

Microsoft released its first security update for 2026, addressing 114 security flaws in Windows. One vulnerability has been actively exploited in the wild. Of the 114 flaws, 8 are rated Critical and 106 are rated Important in severity. The vulnerabilities include 58 privilege escalation flaws, 22 information disclosure issues, and 21 remote code execution vulnerabilities. This represents a significant monthly patch release with active exploitation occurring.

Technical details

Microsoft patched 114 security flaws in Windows, including CVE-2026-20805, an actively exploited information disclosure vulnerability in Desktop Window Manager (DWM) with a CVSS score of 5.5. The flaw allows an authorized attacker to disclose section addresses from remote ALPC ports in user-mode memory, potentially defeating ASLR protections. Other critical issues include CVE-2026-21265, affecting Secure Boot Certificate Expiration (CVSS 6.4), and CVE-2026-20876 in the Windows Virtualization-Based Security Enclave (CVSS 6.7), which enables VTL2 privilege escalation. Microsoft is also expiring three Windows Secure Boot certificates from 2011 in June 2026 and has removed the vulnerable Agere Soft Modem drivers.

Mitigation steps:

Apply Microsoft's January 2026 Patch Tuesday updates immediately, especially for CVE-2026-20805, which is actively exploited and must be patched by February 3, 2026 according to the CISA KEV catalog. Update the Windows Secure Boot certificates from their 2011 versions to the 2023 counterparts before they expire in June 2026. Remove the vulnerable Agere Modem drivers. Federal agencies must comply with CISA's patching deadline.
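The two host-level items above (leftover Agere driver files and the Secure Boot certificate update) can be audited with a read-only script. This is an added example, not code from the original advisory or from Microsoft; the search paths and the certificate subject string `Windows UEFI CA 2023` are assumptions not stated on this page.

```powershell
# Added example: read-only audit of two mitigation items from this advisory.
# Run in an elevated PowerShell session on the Windows host being checked.

$driverNames = 'agrsm64.sys', 'agrsm.sys'   # file names as listed in the advisory

# 1. Agere Soft Modem driver files still on disk.
#    Assumption: the live driver folder and the driver store are the places to look.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)
$driverFiles = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Include $driverNames -Recurse -File -ErrorAction SilentlyContinue
}

# 2. Driver services whose image path still points at one of those files.
$driverServices = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object {
    $_.PathName -and ($driverNames -contains ($_.PathName -split '\\')[-1])
}

# 3. Secure Boot state, and whether the signature database (db) already holds a
#    2023 certificate. The subject string is an assumption, not taken from this page.
$secureBoot = 'unknown'
$has2023Ca  = $null
try {
    $secureBoot = Confirm-SecureBootUEFI          # $true / $false; throws on legacy BIOS
    $dbBytes    = (Get-SecureBootUEFI -Name db).Bytes
    $has2023Ca  = [System.Text.Encoding]::ASCII.GetString($dbBytes) -match 'Windows UEFI CA 2023'
} catch {
    $secureBoot = "not available: $($_.Exception.Message)"
}

[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    AgereDriverFiles   = @($driverFiles | ForEach-Object FullName)
    AgereDriverService = @($driverServices | ForEach-Object { "$($_.Name) [$($_.State)]" })
    SecureBootEnabled  = $secureBoot
    Db2023CertPresent  = $has2023Ca
} | Format-List
```

Empty `AgereDriverFiles` and `AgereDriverService` fields mean no trace of the listed drivers was found in the searched locations; `Db2023CertPresent` of `False` marks a host that still needs the certificate update before the June 2026 expiry.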

Affected products:

Microsoft Windows
Microsoft Edge browser
Microsoft Edge Android app
Desktop Window Manager (DWM)
Windows Virtualization-Based Security (VBS) Enclave
Windows Secure Boot
Agere Soft Modem drivers (agrsm64.sys, agrsm.sys)
Chromium WebView tag


This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
