Comprehensive Guide to Microsoft Patch Tuesday – January 2026

Microsoft released security updates addressing 113 vulnerabilities across Windows operating systems and supported software. Eight flaws received a critical rating, and one zero‑day vulnerability is confirmed to be actively exploited. This month’s update cycle emphasizes the need for rapid patch deployment across enterprise environments.

Zero-Day Vulnerability: CVE‑2026‑20805 in Desktop Window Manager

The most urgent issue is CVE‑2026‑20805, a flaw in the Desktop Window Manager (DWM). Although assigned a moderate CVSS score, Microsoft confirms active exploitation. Security researchers warn that the vulnerability can weaken Address Space Layout Randomization (ASLR), enabling attackers to chain it with other exploits for reliable code execution.

Experts note that all supported and extended-support Windows versions are affected. Despite its “Important” rating, organizations are urged to treat this as a high‑priority threat.

Critical Microsoft Office Remote Code Execution Flaws

Two critical Microsoft Office vulnerabilities — CVE‑2026‑20952 and CVE‑2026‑20953 — allow remote code execution simply by viewing a malicious message in the Preview Pane. These flaws highlight the ongoing risks associated with document‑based attacks.

Legacy Modem Driver Removals: CVE‑2023‑31096

Microsoft removed additional legacy modem drivers after identifying an elevation‑of‑privilege vulnerability with publicly available exploit code. The affected drivers — agrsm64.sys and agrsm.sys — originated from a now‑defunct third‑party vendor and have been included in Windows for decades.

Security researchers warn that more outdated drivers may still be present on fully patched systems, and vulnerabilities may continue to surface. Notably, a system remains vulnerable even without a modem physically connected.

Secure Boot Bypass: CVE‑2026‑21265

A critical Secure Boot bypass vulnerability affects Windows systems relying on aging root certificates from 2011. These certificates expire in mid‑2026, and devices lacking the updated 2023 certificates will no longer receive Secure Boot protections. Incorrect remediation steps may render systems unbootable, making careful planning essential.

Browser Security Updates: Firefox, Chrome, and Edge

Mozilla released updates addressing 34 vulnerabilities in Firefox and Firefox ESR, including two suspected zero‑days. Updates for Google Chrome and Microsoft Edge are expected shortly, following a recent high‑severity Chrome WebView fix.

Additional Guidance for Administrators

Security teams can reference the SANS Internet Storm Center for per‑patch severity analysis and monitor AskWoody for reports of problematic updates. Rapid patching remains the most effective defense against active exploitation.