URL has been copied successfully!
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)


Tags: , , , , , , , , , , , , , , , , , , , , , , , ,
  1. 8Critical
  2. 105Important
  3. 0Moderate
  4. 0Low

Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild. Microsoft patched 113 CVEs in its January 2026 Patch Tuesday release, with eight rated critical and 105 rated as important. Our counts omitted one CVE that was assigned by MITRE, CVE-2023-31096. A pie chart showing the severity distribution across the Patch Tuesday CVEs patched in January 2026 This month’s update includes patches for: Azure Connected Machine Agent Azure Core shared client library for Python Capability Access Management Service (camsvc) Connected Devices Platform Service (Cdpsvc) Desktop Window Manager Dynamic Root of Trust for Measurement (DRTM) Graphics Kernel Host Process for Windows Tasks Inbox COM Objects Microsoft Graphics Component Microsoft Office Microsoft Office Excel Microsoft Office SharePoint Microsoft Office Word Printer Association Object SQL Server Tablet Windows User Interface (TWINUI) Subsystem Windows Admin Center Windows Ancillary Function Driver for WinSock Windows Client-Side Caching (CSC) Service Windows Clipboard Server Windows Cloud Files Mini Filter Driver Windows Common Log File System Driver Windows DWM Windows Deployment Services Windows Error Reporting Windows File Explorer Windows HTTP.sys Windows Hello Windows Hyper-V Windows Installer Windows Internet Connection Sharing (ICS) Windows Kerberos Windows Kernel Windows Kernel Memory Windows Kernel-Mode Drivers Windows LDAP – Lightweight Directory Access Protocol Windows Local Security Authority Subsystem Service (LSASS) Windows Local Session Manager (LSM) Windows Management Services Windows Media Windows NDIS Windows NTFS Windows NTLM Windows Remote Assistance Windows Remote Procedure Call Windows Remote Procedure Call Interface Definition Language (IDL) Windows Routing and Remote Access Service (RRAS) Windows SMB Server Windows Secure Boot Windows Server Update Service Windows Shell Windows TPM Windows Telephony Service Windows Virtualization-Based Security (VBS) Enclave Windows WalletService Windows Win32K – ICOMP A bar chart showing the count by impact of CVEs patched in the January 2026 Patch Tuesday release Elevation of privilege (EoP) vulnerabilities accounted for 49.6% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 19.5%.

Important

CVE-2026-20805 – Desktop Window Manager Information Disclosure Vulnerability

CVE-2026-20805 is an information disclosure vulnerability affecting Desktop Window Manager. It was assigned a CVSSv3 score of 5.5 and was rated as important. Successful exploitation allows an authenticated attacker to access sensitive data. According to Microsoft, this vulnerability was exploited in the wild as a zero-day. Additionally, Microsoft patched another Desktop Window Manager vulnerability this month. CVE-2026-20871 is an EoP vulnerability that was assigned a CVSSv3 score of 7.8 and was rated as important. Contrary to CVE-2026-20805, CVE-2026-20871 was not exploited in the wild, although it was assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index.

Important

CVE-2026-21265 – Secure Boot Certificate Expiration Security Feature Bypass Vulnerability

CVE-2026-21265 is a security feature bypass in the Windows Secure Boot. It was assigned a CVSSv3 score of 6.4 and is rated important. It was assessed as “Exploitation Less Likely.” Microsoft certificates are stored in the Unified Extensible Firmware Interface (UEFI) Key Enrollment Key (also known as Key Exchange or KEK) and DB. These certificates are reaching their expiration date, so these certificates need to be updated to ensure Secure Boot functionality remains and to prevent future issues from arising. The following are the certificates set to expire in 2026:

Certificate Authority (CA) Expiration Date Purpose Location
Microsoft Corporation KEK CA 2011 June 24, 2026 Signs updates to the DB and DBX KEK
Microsoft Corporation UEFI CA 2011 June 27, 2026 Signs third party boot loaders, Option ROMs and more DB
Microsoft Windows Production PCA 2011 October 19, 2026 Signs the Windows Boot Manager DB

This vulnerability is considered “Publicly Disclosed” because the information about the expiration and the location of these certificates are public.

Critical

CVE-2026-20952 and CVE-2026-20953 – Microsoft Office Remote Code Execution Vulnerability

CVE-2026-20952 and CVE-2026-20953 are RCE vulnerabilities affecting Microsoft Office. Each of these vulnerabilities were assigned a CVSSv3 score of 8.4, rated as critical and assessed as “Exploitation Less Likely.” An attacker could exploit these flaws through social engineering by sending the malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Despite being flagged as “Exploitation Less Likely,” Microsoft notes that the Preview Pane is an attack vector for both vulnerabilities, which means exploitation does not require the target to open the file.

Important

CVE-2026-20840 and CVE-2026-20922 – Windows NTFS Remote Code Execution Vulnerability

CVE-2026-20840 and CVE-2026-20922 are RCE vulnerabilities affecting Windows New Technology File System (NTFS). Both were assigned CVSSv3 scores of 7.8 and are rated as important. Microsoft assessed both of these flaws as “Exploitation More Likely.” According to Microsoft, both these flaws stem from heap-based buffer overflows which can be exploited to execute arbitrary code on an affected system. Both advisories also note that any authenticated attacker can exploit these flaws, regardless of privilege level.

Tenable Solutions

A list of all the plugins released for Microsoft’s January 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched. For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Microsoft’s January 2026 Security Updates Tenable plugins for Microsoft January 2026 Patch Tuesday Security Updates Join Tenable’s Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats. Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

First seen on securityboulevard.com

Jump to article: securityboulevard.com/2026/01/microsofts-january-2026-patch-tuesday-addresses-113-cves-cve-2026-20805/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
  2. Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
  3. Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
  4. Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)