Microsoft’s January 2026 Patch Tuesday includes security updates for 114 vulnerabilities, including three zero-days. One of these flaws was actively exploited in the wild, while two had been publicly disclosed prior to patching. Eight vulnerabilities are classified as critical, consisting of six remote code execution flaws and two elevation of privilege issues.
Breakdown of Vulnerabilities
- 57 Elevation of Privilege vulnerabilities
- 22 Remote Code Execution vulnerabilities
- 22 Information Disclosure vulnerabilities
- 5 Spoofing vulnerabilities
- 3 Security Feature Bypass vulnerabilities
- 2 Denial of Service vulnerabilities
These totals do not include one Microsoft Edge vulnerability and several Mariner-related issues that were addressed earlier in the month. Non-security updates released alongside Patch Tuesday include Windows 11 KB5074109 and KB5073455, as well as the Windows 10 KB5073724 Extended Security Update.
Zero-Day Vulnerabilities
January’s Patch Tuesday addresses three zero-day vulnerabilities, one of which was actively exploited.
CVE-2026-20805 | Desktop Window Manager Information Disclosure Vulnerability
This actively exploited flaw allows an authorized attacker to disclose sensitive information locally. Successful exploitation exposes section addresses associated with remote ALPC ports, revealing user-mode memory details that could assist in further exploitation. Microsoft attributes discovery to the Microsoft Threat Intelligence Center and Microsoft Security Response Center but has not disclosed details about how the vulnerability was exploited in the wild.
CVE-2026-21265 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability
This publicly disclosed issue relates to the impending expiration of Secure Boot certificates issued in 2011. Systems that fail to update risk weakened Secure Boot enforcement, potentially allowing attackers to bypass boot-time protections. January’s updates renew the affected certificates, preserving the Secure Boot trust chain and maintaining validation of boot components. Microsoft previously disclosed this risk in a June advisory on Secure Boot certificate expiration.
CVE-2023-31096 | Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability
This vulnerability was previously linked to active exploitation and allowed attackers to gain administrative privileges via third-party modem drivers bundled with Windows. As part of the January 2026 updates, Microsoft has fully removed the vulnerable agrsm64.sys and agrsm.sys drivers from supported Windows versions. The issue is attributed to Zeze of TeamT5.
Other Critical Vulnerabilities
In addition to the zero-days, Microsoft addressed multiple critical remote code execution and privilege escalation vulnerabilities across Windows components. These flaws pose elevated risk in enterprise environments, particularly where attackers already have local access and can chain privilege escalation with other weaknesses.
Adobe and Other Vendor Updates
Several major vendors released security updates in January 2026:
- Adobe issued patches for InDesign, Illustrator, InCopy, Bridge, ColdFusion, and multiple Substance 3D products.
- Cisco released updates for an Identity Services Engine vulnerability with publicly available proof-of-concept exploit code.
- Fortinet patched multiple products, including fixes for two remote code execution vulnerabilities.
- D-Link confirmed active exploitation of a vulnerability affecting end-of-life router models.
- Google released Android’s January security bulletin, including a fix for a critical Dolby DD+ codec vulnerability.
- jsPDF fixed a critical flaw that could allow arbitrary file smuggling during PDF generation.
- n8n patched a maximum-severity vulnerability known as “Ni8mare” that could enable full server takeover.
- SAP released updates for multiple products, including a 9.9 severity code injection flaw in SAP Solution Manager.
- ServiceNow disclosed a critical privilege escalation vulnerability in the ServiceNow AI Platform.
- Trend Micro patched a critical SYSTEM-level RCE flaw in Apex Central (on-premise).
- Veeam released updates addressing multiple vulnerabilities in Backup & Replication, including a critical RCE.
Recommendations for Users and Administrators
Organizations should prioritize deploying January’s updates, particularly for systems running Desktop Window Manager, Secure Boot-enabled environments, and legacy components that previously included third-party drivers. Systems that have not applied recent Secure Boot certificate updates face increased exposure as certificate expiration dates approach in mid to late 2026.
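As an added example (not from Microsoft or from this article's author), the PowerShell audit below checks a single host for the items named above: the update KBs listed earlier, any leftover agrsm64.sys or agrsm.sys files, and the Secure Boot state. The two search directories and the certificate string "Windows UEFI CA 2023" are assumptions not stated in the article.

```powershell
#Requires -RunAsAdministrator
# Added example: post-update audit for the items this article names.
# Assumptions: the two search roots below and the certificate subject string
# "Windows UEFI CA 2023" are not from the article.

$DriverNames = 'agrsm64.sys', 'agrsm.sys'              # drivers the article says were removed
$KbIds       = 'KB5074109', 'KB5073455', 'KB5073724'   # update KBs named in the article

function Find-AgereDriverFile {
    # Look for leftover driver binaries on disk.
    $roots = "$env:SystemRoot\System32\drivers",
             "$env:SystemRoot\System32\DriverStore\FileRepository"
    Get-ChildItem -Path $roots -Include $DriverNames -Recurse -File -ErrorAction SilentlyContinue
}

function Find-AgereDriverService {
    # Look for a registered kernel driver service still pointing at either binary.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match '\\agrsm(64)?\.sys$' }
}

function Get-SecureBootState {
    # Firmware without UEFI/Secure Boot support makes these cmdlets throw.
    try {
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $dbBytes = (Get-SecureBootUEFI -Name db -ErrorAction Stop).Bytes
        $dbText  = [System.Text.Encoding]::ASCII.GetString($dbBytes)
        [pscustomobject]@{
            Enabled     = $enabled
            Has2023Cert = $dbText -match 'Windows UEFI CA 2023'
        }
    } catch {
        [pscustomobject]@{ Enabled = $false; Has2023Cert = $false }
    }
}

$files = @(Find-AgereDriverFile)
$svcs  = @(Find-AgereDriverService)
$kbs   = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue)
$sb    = Get-SecureBootState

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    InstalledKBs       = ($kbs.HotFixID -join ', ')
    AgereFilesOnDisk   = ($files.FullName -join '; ')
    AgereDriverService = ($svcs.Name -join ', ')
    SecureBootEnabled  = $sb.Enabled
    SecureBootDb2023   = $sb.Has2023Cert
}
```

An empty InstalledKBs field, or a non-empty AgereFilesOnDisk or AgereDriverService field after patching, marks a host for follow-up.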
Security teams should also review third-party advisories from vendors such as Cisco, SAP, Veeam, and Trend Micro, especially where public exploit code or active exploitation has been reported. Coordinated patching across infrastructure, backup platforms, and identity services remains critical to reducing attack surface at the start of 2026.
Full technical details and patch links are available in Microsoft’s Security Update Guide.
How Can Netizen Help?
Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive level cybersecurity expertise at a fraction of the cost of hiring internally.
Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.
Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by the U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.
Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.

