Microsoft Patch Tuesday January 2026 – 114 Vulnerabilities Fixed Including 3 Zero-days

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

Microsoft’s January 2026 updates fix 114 vulnerabilities, with several remote code execution bugs rated critical across Office applications and Windows services such as LSASS.

This Patch Tuesday addresses critical remote code execution flaws and numerous elevation of privilege issues that could enable attackers to compromise systems.

Vulnerability Type Count
Remote Code Execution 22
Denial of Service 2
Elevation of Privilege 57
Information Disclosure 22
Security Feature Bypass 3
Spoofing 5
Tampering 3
Total 114

The release includes 12 critical CVEs and over 90 important CVEs, primarily elevation-of-privilege flaws in kernel drivers and management services.

Zero-Day Vulnerabilities

CVE-2026-20805 involves Desktop Windows Manager flaws exposing information, rated high by researchers. CVE-2026-21265 targets digital media handling for privilege gains, common in chained attacks. CVE-2023-31096 appears as a backported or related fix in the cumulative updates.

CVE ID Component Type Severity Key Notes
CVE-2026-20805 Desktop Windows Manager Information Disclosure Important (High per Check Point) Allows unauthorized access to sensitive data; patched January 13, 2026 ​
CVE-2026-21265 Windows Digital Media Elevation of Privilege Not specified Enables local privilege escalation ​
CVE-2023-31096 Unknown (legacy) Zero-day (contextual) Not specified Included in January 2026 updates despite earlier assignment 

Critical Vulnerabilities

Several critical remote code execution vulnerabilities stand out, including CVE-2026-20854 in Windows LSASS, stemming from a use-after-free error exploitable over networks.

The Office suite faces multiple threats: CVE-2026-20944 (Word out-of-bounds read), CVE-2026-20953 and CVE-2026-20952 (use-after-free), and CVE-2026-20955 and CVE-2026-20957 (Excel pointer issues and integer underflow).

Additional critical elevation-of-privilege bugs affect the Graphics Component (CVE-2026-20822) and the VBS Enclave (CVE-2026-20876), both of which exhibit use-after-free vulnerabilities locally.​

CVE ID Affected Component Description Summary Severity
CVE-2026-20854 Windows LSASS Use-after-free RCE Critical 
CVE-2026-20944 Microsoft Word Out-of-bounds read RCE Critical 
CVE-2026-20953 Microsoft Office Use-after-free RCE Critical 

Windows components dominate the most critical-rated issues, with over 30 elevation-of-privilege flaws in services such as Management Services, SMB Server, and Win32k, often via race conditions or use-after-free. Information disclosure bugs in File Explorer and VBS round out notable risks.

Deploy updates starting with internet-facing systems like WSUS (CVE-2026-20856) and SMB servers, then Office endpoints. Test in staging environments due to potential regressions in drivers like Cloud Files Mini Filter. Enable automatic updates for consumer devices and monitor CISA KEV for any rapid additions, as zero-days heighten urgency.

Microsoft Patch Tuesday Vulnerabilities Table

CVE Number CVE Title Impact
CVE-2026-20822 Windows Graphics Component Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20876 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20944 Microsoft Word Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20953 Microsoft Office Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20955 Microsoft Excel Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20854 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20952 Microsoft Office Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20957 Microsoft Excel Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20962 Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability Information Disclosure
CVE-2026-21265 Secure Boot Certificate Expiration Security Feature Bypass Vulnerability Security Feature Bypass
CVE-2026-0386 Windows Deployment Services Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20965 Windows Admin Center Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20804 Windows Hello Tampering Vulnerability Tampering
CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability Information Disclosure
CVE-2026-20808 Windows File Explorer Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20809 Windows Kernel Memory Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20810 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20811 Win32k Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20812 LDAP Tampering Vulnerability Tampering
CVE-2026-20814 DirectX Graphics Kernel Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20815 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20816 Windows Installer Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20817 Windows Error Reporting Service Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20818 Windows Kernel Information Disclosure Vulnerability Information Disclosure
CVE-2026-20819 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability Information Disclosure
CVE-2026-20820 Windows Common Log File System Driver Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20821 Remote Procedure Call Information Disclosure Vulnerability Information Disclosure
CVE-2026-20823 Windows File Explorer Information Disclosure Vulnerability Information Disclosure
CVE-2026-20824 Windows Remote Assistance Security Feature Bypass Vulnerability Security Feature Bypass
CVE-2026-20825 Windows Hyper-V Information Disclosure Vulnerability Information Disclosure
CVE-2026-20826 Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability Elevation of Privilege
CVE-2026-20827 Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability Information Disclosure
CVE-2026-20828 Windows rndismp6.sys Information Disclosure Vulnerability Information Disclosure
CVE-2026-20829 TPM Trustlet Information Disclosure Vulnerability Information Disclosure
CVE-2026-20831 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20832 Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20833 Windows Kerberos Information Disclosure Vulnerability Information Disclosure
CVE-2026-20834 Windows Spoofing Vulnerability Spoofing
CVE-2026-20835 Capability Access Management Service (camsvc) Information Disclosure Vulnerability Information Disclosure
CVE-2026-20836 DirectX Graphics Kernel Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20837 Windows Media Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20838 Windows Kernel Information Disclosure Vulnerability Information Disclosure
CVE-2026-20839 Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability Information Disclosure
CVE-2026-20840 Windows NTFS Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20842 Microsoft DWM Core Library Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20844 Windows Clipboard Server Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2023-31096 MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20847 Microsoft Windows File Explorer Spoofing Vulnerability Spoofing
CVE-2026-20851 Capability Access Management Service (camsvc) Information Disclosure Vulnerability Information Disclosure
CVE-2026-20852 Windows Hello Tampering Vulnerability Tampering
CVE-2026-20856 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20857 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20858 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20859 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20860 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20864 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20865 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20869 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20875 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Denial of Service
CVE-2026-20877 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20918 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20919 Windows SMB Server Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20920 Win32k Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20921 Windows SMB Server Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20922 Windows NTFS Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20923 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20924 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20925 NTLM Hash Disclosure Spoofing Vulnerability Spoofing
CVE-2026-20926 Windows SMB Server Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20927 Windows SMB Server Denial of Service Vulnerability Denial of Service
CVE-2026-20932 Windows File Explorer Information Disclosure Vulnerability Information Disclosure
CVE-2026-20934 Windows SMB Server Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20938 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20940 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20943 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Remote Code Execution
CVE-2026-20946 Microsoft Excel Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20951 Microsoft SharePoint Server Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20956 Microsoft Excel Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20959 Microsoft SharePoint Server Spoofing Vulnerability Spoofing
CVE-2026-20963 Microsoft SharePoint Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20830 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-21221 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-21224 Azure Connected Machine Agent Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20947 Microsoft SharePoint Server Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20843 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20848 Windows SMB Server Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20849 Windows Kerberos Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20853 Windows WalletService Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-21219 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20861 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20862 Windows Management Services Information Disclosure Vulnerability Information Disclosure
CVE-2026-20863 Win32k Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20866 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20867 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20868 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20870 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20871 Desktop Windows Manager Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20872 NTLM Hash Disclosure Spoofing Vulnerability Spoofing
CVE-2026-20873 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20874 Windows Management Services Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2024-55414 Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20929 Windows HTTP.sys Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20931 Windows Telephony Service Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-20935 Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability Information Disclosure
CVE-2026-20936 Windows NDIS Information Disclosure Vulnerability Information Disclosure
CVE-2026-20937 Windows File Explorer Information Disclosure Vulnerability Information Disclosure
CVE-2026-20939 Windows File Explorer Information Disclosure Vulnerability Information Disclosure
CVE-2026-20948 Microsoft Word Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20949 Microsoft Excel Security Feature Bypass Vulnerability Security Feature Bypass
CVE-2026-20950 Microsoft Excel Remote Code Execution Vulnerability Remote Code Execution
CVE-2026-20958 Microsoft SharePoint Information Disclosure Vulnerability Information Disclosure
CVE-2026-20941 Host Process for Windows Tasks Elevation of Privilege Vulnerability Elevation of Privilege
CVE-2026-21226 Azure Core shared client library for Python Remote Code Execution Vulnerability Remote Code Execution

Other Patch Tuesday Updates

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.