Microsoft January 2026 Patch Tuesday

January’s Patch Tuesday was released to fix security flaws in several Microsoft products such as SQL Server, Desktop Window Manager, Windows Kernel Memory, Windows Win32K – ICOMP, Windows Installer, Windows Kernel, Windows Common Log File System Driver, Windows File Explorer, Windows Media, Windows NTFS, Windows Shell, Windows SMB Server, Windows Kerberos Windows Local Security Authority Subsystem Service (LSASS), and Windows NTLM.

The actively exploited zero-day vulnerability in January’s Patch is:

• Desktop Window Manager Information Disclosure Vulnerability “CVE-2026- 20805” allows the authorized attacker to disclose information locally.

The publicly disclosed zero-day flaws are:

• Secure Boot Certificate Expiration Security Feature Bypass Vulnerability “CVE- 2026-21265” allows the attacker to bypass Secure Boot.
• Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability “CVE- 2023-31096” allows the unauthorized attacker to gain administrative privileges on compromised systems.

It should be highlighted that Microsoft is aware of the vulnerability “CVE-2023- 31096” in the third-party Agere Soft Modem drivers that ship natively with supported Windows operating systems. This is an announcement of the removal of “agrsm64.sys” and “agrsm.sys” drivers. The drivers have been removed in the January 2026 cumulative update.

Sample of the addressed vulnerabilities:

1. Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2026-20868):

• CVSS: 8.8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Gain Access

2. Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2026- 20931):

• CVSS: 8
• Attack Vector: Adjacent
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Consequences: Gain Privileges