Microsoft has released its January 2026 Patch Tuesday updates, addressing a total of 114 security vulnerabilities across its product range. Among these fixes are three zero-day issues: one that was actively exploited in the wild and two that had already been publicly disclosed.
This month’s update also resolves eight vulnerabilities rated as Critical. Six of these could allow remote code execution, while the remaining two relate to elevation of privilege, meaning attackers could potentially gain higher levels of access on affected systems.
The January updates break down as follows:
These figures reflect only the security updates released by Microsoft as part of Patch Tuesday itself. They do not include fixes for Microsoft Edge or Mariner, which were released earlier in the month. Separate cumulative updates have also been issued for Windows 10 and Windows 11, covering non-security improvements and bug fixes.
Microsoft defines a zero-day vulnerability as an issue that is either actively exploited or publicly known before an official fix is made available. January’s updates resolve three such flaws.
One actively exploited vulnerability has been patched:
This issue affects the Windows Desktop Window Manager and could allow a local attacker to access sensitive information from system memory. Successful exploitation may enable an attacker to read certain memory addresses associated with inter-process communication ports.
While Microsoft confirmed that the vulnerability was being actively exploited, limited technical detail has been shared publicly about how attacks were carried out.
Two additional zero-day issues had already been disclosed prior to this update.
Microsoft has warned that several Secure Boot certificates issued in 2011 are approaching their expiration dates throughout 2026. Systems that are not updated may be at increased risk of Secure Boot protections being bypassed, potentially allowing untrusted or malicious boot components to run.
The January updates renew the affected certificates to maintain the Secure Boot trust chain and ensure continued verification of bootloaders and related components. Organisations running older or tightly controlled environments should treat this update as a priority to avoid future boot-level security issues.
Microsoft has also completed the removal of vulnerable third-party modem drivers that ship with supported versions of Windows. These drivers had previously been linked to real-world attacks where threat actors gained administrative privileges on compromised systems.
As part of the January 2026 cumulative updates, the affected drivers have now been fully removed from Windows, closing off this attack path.
January has also been a busy month for security updates beyond Microsoft. Several other major technology vendors have released patches or advisories, including fixes for critical and actively exploited issues.
Updates were released for a wide range of products, including creative software suites, identity and access management platforms, network security appliances, enterprise backup solutions, and widely used automation and PDF generation tools. In several cases, vulnerabilities could allow remote code execution or privilege escalation if left unpatched.
This reinforces the importance of looking beyond operating system updates and maintaining a comprehensive patch management process across the entire technology stack.
Organisations should review the January 2026 Microsoft updates as a priority, particularly given the presence of an actively exploited zero-day and multiple privilege escalation flaws. Testing and deploying these patches promptly can significantly reduce exposure to real-world attacks.
Security teams should also take the opportunity to review update advisories from other vendors and ensure that critical third-party systems are not being overlooked.
A full list of the vulnerabilities addressed in Microsoft’s January 2026 Patch Tuesday, along with detailed technical information and affected systems, is available via Microsoft’s official security update guide.
If you need support assessing patch impact, prioritising updates, or improving your overall vulnerability management approach, this is a good moment to review your processes before attackers do it for you.