Microsoft Releases January 2026 Windows Security Update, Fixes 114 Flaws Including One Under Active Attack

Deepanker Verma, January 14, 2026


Microsoft has released its first Patch Tuesday update of 2026, and the update fixes a large number of security issues across Windows and related components. The January update addresses a total of 114 vulnerabilities, including one flaw that is already being actively exploited by attackers.

Out of the 114 flaws, Microsoft has rated eight as Critical and the remaining 106 as Important. A large portion of the fixes are related to privilege escalation issues, which allow attackers to gain higher system permissions. Other patched bugs include problems related to information disclosure, remote code execution, and spoofing. Security researchers note that this is one of Microsoft’s biggest January updates in recent years.


The most serious issue in this update is a vulnerability tracked as CVE-2026-20805. This flaw affects the Windows Desktop Window Manager, a core system component responsible for rendering everything you see on the screen. Microsoft has confirmed that this vulnerability has been exploited in real-world attacks. However, the company has not shared details about who is behind the attacks or how widespread they are.

The flaw allows a locally authenticated attacker to access sensitive memory information. While it does not give full control on its own, experts say it can be used as part of a larger attack. By leaking memory addresses, attackers can weaken protections like Address Space Layout Randomization. This makes it easier to exploit other bugs and run malicious code.

Microsoft has also fixed two security issues in its Edge browser since the last Patch Tuesday. These include a spoofing bug in the Android version of Edge and a high-severity issue related to Chromium’s WebView component.

Microsoft also patched a vulnerability in Secure Boot. This could allow attackers to bypass security checks tied to Secure Boot certificates. This comes at a critical time, as several older Windows Secure Boot certificates issued in 2011 are set to expire starting June 2026. Microsoft has warned users and businesses to update to newer certificates to avoid boot issues and potential security risks in the future.

The January update also removes older Agere modem drivers that are still present on some Windows systems. These drivers have been linked to known privilege escalation flaws that could allow attackers to gain SYSTEM-level access. Microsoft has been gradually removing such vulnerable drivers after reports of real-world abuse over the past year.

Another notable fix addresses a vulnerability in Windows Virtualization-Based Security. This flaw could allow attackers with high privileges to break into one of Windows’ most trusted security layers. While exploitation requires an attacker to already have access to the system, the impact is severe enough that security experts strongly recommend installing the update as soon as possible.

Following confirmation of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-20805 to its Known Exploited Vulnerabilities list. Federal agencies are required to apply the fix by February 3, 2026, highlighting the seriousness of the threat.
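One way to track that deadline across a fleet, shown as an added example that is not from the article, Microsoft or CISA: it joins a KEV-style JSON excerpt against a list of hosts still missing fixes and ranks the gaps by days remaining. The `cveID` and `dueDate` field names follow CISA's published KEV JSON feed; the host names, the scanner export shape, the `warn_days` threshold and the placeholder `CVE-0000-0001` are assumptions constructed for the example.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed. Only the CVE ID and
# the due date come from the article; the other values are placeholders.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2026-20805", "vendorProject": "Microsoft",
   "product": "Windows", "dueDate": "2026-02-03"}
]}
"""

# Constructed scanner export: host -> CVEs that still lack a fix.
# CVE-0000-0001 is a placeholder for a finding that is not listed in KEV.
UNPATCHED = {
    "ws-014": ["cve-2026-20805", "CVE-0000-0001"],
    "srv-db2": ["CVE-0000-0001"],
    "kiosk-3": ["CVE-2026-20805"],
}


def kev_findings(kev_json, unpatched, today, warn_days=7):
    """Return (host, cve, due, days_left, status) rows, most urgent first."""
    due_by_cve = {}
    for entry in json.loads(kev_json).get("vulnerabilities", []):
        try:
            due_by_cve[entry["cveID"].upper()] = date.fromisoformat(entry["dueDate"])
        except (KeyError, ValueError):
            continue  # skip entries without a usable ID or due date

    rows = []
    for host, cves in unpatched.items():
        for cve in {c.strip().upper() for c in cves}:  # normalise and dedupe
            if cve not in due_by_cve:
                continue  # not a KEV item: handled by normal patch cadence
            days_left = (due_by_cve[cve] - today).days
            if days_left < 0:
                status = "OVERDUE"
            elif days_left <= warn_days:
                status = "DUE_SOON"
            else:
                status = "OPEN"
            rows.append((host, cve, due_by_cve[cve].isoformat(), days_left, status))
    return sorted(rows, key=lambda r: (r[3], r[0]))


if __name__ == "__main__":
    for row in kev_findings(KEV_JSON, UNPATCHED, date.today()):
        print(*row, sep="\t")
```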

Alongside Microsoft, many other major vendors have also released security updates this month, including Google, Adobe, Cisco, Intel partners, and several Linux distributions. This makes January an important patching period for both individual users and organizations.


About the Author: Deepanker Verma

Deepanker Verma is a well-known technology blogger and gadget reviewer based in India. He has been writing about Tech for over a decade.
