Microsoft has released its January 2026 Patch Tuesday updates, with 114 security fixes across Windows, Office, and server products. This month’s release marks the first major security update of the year and includes three zero-day vulnerabilities, one of which is actively exploited in the wild.
Three actively exploited zero-day flaws:
- An elevation of privilege vulnerability in the Agere modem drivers.
- A security flaw in the third-party WinSqlite3.dll component.
- Fixes for expiring Secure Boot certificates.
Key Highlights: January 2026 Patch Tuesday
- Total CVEs Fixed: 114
- Critical Severity Vulnerabilities: 8
- Zero-Day Vulnerabilities: 3 (1 actively exploited)
- Remote Code Execution (RCE): 22 vulnerabilities
- Elevation of Privilege (EoP): 56 vulnerabilities
Critical Vulnerability: CVE-2026-20805 – Desktop Window Manager Information Disclosure
The most urgent threat this month is CVE-2026-20805, a zero-day information disclosure flaw in the Desktop Window Manager (DWM). Microsoft confirms that this vulnerability is actively exploited by threat actors in the wild.
- CVSS Score: 5.5 (Medium, but high impact due to exploitation)
- Impact: Allows authenticated attackers to leak memory addresses from ALPC ports, enabling further exploitation in multi-stage attacks.
Affected Systems:
- All supported Windows 11 versions (25H2, 24H2, 23H2)
- Windows 10 (Extended Security Updates)
- Windows Server editions
Organizations must deploy the patch as soon as possible, especially on internet-connected systems, domain controllers, and Azure Virtual Desktop environments.
Other High-Risk Vulnerabilities
CVE-2026-20854 – Windows LSASS RCE (CVSS: 7.5)
A critical remote code execution flaw in the Local Security Authority Subsystem Service (LSASS), allowing attackers to execute code over the network without elevated privileges. While Microsoft assesses exploitation as “less likely,” the potential impact justifies high-priority patching.
Microsoft Office RCE Flaws
Three critical vulnerabilities in Office applications:
- CVE-2026-20944 (Word): Out-of-bounds read → RCE
- CVE-2026-20957 (Excel): Integer underflow → RCE
- CVE-2026-20952 & CVE-2026-20953 (Office): CVSS 8.4 – Exploitable via Preview Pane, meaning no user interaction is required.
Security Recommendation: Disable the Preview Pane in Office applications to reduce attack surface.
CVE-2026-20822 – Windows Graphics Component (Use-after-free, CVSS: 7.8)
Enables SYSTEM-level privilege escalation through a race condition.
CVE-2026-20876 – Windows VBS Enclave Heap Overflow (CVSS: 6.7)
One of the first Virtual Trust Level 2 (VTL2) escalation bugs patched in the VBS system, posing a risk to systems using Windows Virtualization-Based Security.
Windows security updates
In addition to the security fixes listed above, the January Patch Tuesday includes cumulative updates for Windows 11 and Windows 10.
- Windows 11 25H2 & 24H2: KB5074109 (build 26200.7623)
- Windows 11 23H2: KB5073455 (build 26100.7623)
Key Fixes:
- Resolved battery drain issues on devices with Neural Processing Units (NPUs)
- Fixed WSL networking failures causing “No route to host” errors
- Patched RemoteApp connection failures in Azure Virtual Desktop
- Removes outdated modem drivers: agrsm64.sys, agrsm.sys, smserl64.sys, and smserial.sys
For Windows 10 22H2 under ESU, KB5073724 provides continued security support for eligible devices. If you are running any of these Windows versions, ensure you apply these updates before installing the new patches.
Build Updates:
- Windows 10 22H2 → Build 19045.6809
- Windows 10 21H2 / Enterprise LTSC 2021 → Build 19044.6809
Note: This update is available exclusively to devices enrolled in the Extended Security Updates program or using Windows 10 Enterprise LTSC.
Download the Windows cumulative updates
All these security updates are automatically downloaded and installed on supported devices via Windows Update. If your device has not received them yet, open Settings > Update & Security (or Windows Update), and click Check for updates. Once the updates are installed, restart your device to apply the changes.

- Windows 11 KB5074109 (versions 24H2/25H2) offline installer – Direct Download Link (64-bit).
- Windows 11 KB5073455 (version 23H2) offline installer – Direct Download Link (64-bit).
- Windows 10 KB5073724 (version 22H2, ESU) offline installer – Direct Download Links: 64-bit and 32-bit (x86).
The links above open the Microsoft Update Catalog, a library of offline installers for Windows updates. Click the Download button next to the OS version installed on your machine, then run the .msu file to begin installing the update.
If you encounter any issues installing these updates, refer to our Windows Update troubleshooting guides to resolve problems such as stuck downloads or failed installations with various error codes.
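A host-level check for the updates and driver removal described above, added here as an example that is not from the article or from Microsoft. It assumes an elevated PowerShell session on the machine being audited and uses only the KB numbers and driver file names quoted on this page.

```powershell
# Added example (not the article's own code): audit one Windows host for the
# January 2026 cumulative updates and for the retired Agere/SmartModem drivers.
# Run in an elevated PowerShell 5.1 or PowerShell 7 session.

# KB identifiers and driver file names are the ones listed in the article.
$januaryKbs     = 'KB5074109', 'KB5073455', 'KB5073724'
$retiredDrivers = 'agrsm64.sys', 'agrsm.sys', 'smserl64.sys', 'smserial.sys'

# Installed build and Update Build Revision (UBR) live in the registry; together
# they form the "19045.6809"-style build string used in the release notes.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
Write-Host ('OS: {0} {1} build {2}' -f $cv.ProductName, $cv.DisplayVersion, $build)

# Get-HotFix lists installed cumulative updates by KB number.
$installed = Get-HotFix | Where-Object { $_.HotFixID -in $januaryKbs }
if ($installed) {
    foreach ($h in $installed) {
        Write-Host ('Installed: {0} on {1}' -f $h.HotFixID, $h.InstalledOn)
    }
} else {
    Write-Warning ("None of the January 2026 cumulative updates ({0}) is installed." -f ($januaryKbs -join ', '))
}

# The update removes the legacy modem drivers; a leftover file or a still
# registered driver service after patching is worth a closer look.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
foreach ($name in $retiredDrivers) {
    $path = Join-Path $driverDir $name
    if (Test-Path $path) {
        Write-Warning "Retired driver file still present: $path"
    } else {
        Write-Host "Absent (expected after update): $name"
    }
}

# Driver services whose image path points at one of the retired files.
$lingering = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -match 'agrsm64?\.sys|smserl64\.sys|smserial\.sys' }
foreach ($svc in $lingering) {
    Write-Warning ('Retired driver service still registered: {0} ({1}, state {2})' -f $svc.Name, $svc.PathName, $svc.State)
}
```

Compare the printed build against the build numbers listed under "Windows security updates" and "Build Updates" to confirm the host is at the January level.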
Frequently Asked Questions
Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at approximately 10:00 AM Pacific Time (PT).
Patch Tuesday falls on the second Tuesday of each month. The next Patch Tuesday is scheduled for February 11, 2026.
The second Tuesday of each month is known as “Patch Tuesday” because Microsoft consolidates the most critical updates into this maintenance window.
The latest cumulative updates are KB5074109 for Windows 11 version 25H2 and KB5073724 for Windows 10 version 22H2.
The term “Zero-Day” is used when security teams are unaware of a software vulnerability and have had “0” days to develop a security patch or update to fix it.
