Urgent: January 2026 Patch Tuesday - Zero-Day Exploited! (2026)

Microsoft's Patch Tuesday: A Critical Security Update

In a crucial move, Microsoft has released patches to address a staggering 113 security vulnerabilities across its Windows operating systems and supported software. This January 2026 edition of Patch Tuesday highlights the importance of timely updates, as eight of these vulnerabilities are classified as "critical" by Microsoft, and one is already being actively exploited by attackers.

The zero-day, CVE-2026-20805, stems from a flaw in the Desktop Window Manager (DWM), a core component of Windows. Despite its middling CVSS score of 5.5, Microsoft confirms that threat actors are leveraging this vulnerability in the wild. Kev Breen, a senior director at Immersive, warns that such flaws are commonly used to bypass Address Space Layout Randomization (ASLR), a critical security control designed to protect against memory-related exploits.

"This vulnerability reveals the location of code in memory, allowing attackers to chain it with other code execution flaws. It transforms a complex exploit into a reliable and repeatable attack," Breen explains. Microsoft's lack of disclosure about the additional components involved limits defenders' ability to proactively hunt for related threats, making rapid patching the primary mitigation strategy.

Chris Goettl from Ivanti emphasizes the severity of CVE-2026-20805, despite its "Important" rating and relatively low CVSS score. "A risk-based approach warrants treating this vulnerability as more severe than the vendor rating suggests," Goettl states.

Among the critical flaws patched this month are two remote code execution bugs in Microsoft Office (CVE-2026-20952 and CVE-2026-20953). These vulnerabilities can be triggered simply by viewing a booby-trapped message in the Preview Pane, making them particularly dangerous.

In October 2025, Microsoft removed a modem driver after discovering that hackers were abusing a vulnerability in it. Today, Microsoft has taken a similar action, removing two more modem drivers (agrsm64.sys and agrsm.sys) due to the presence of functional exploit code for an elevation of privilege vulnerability (CVE-2023-31096). Adam Barnett at Rapid7 raises important questions about the remaining legacy modem drivers and the potential for more elevation-to-SYSTEM vulnerabilities.

"The mere presence of these drivers can render an asset vulnerable, even without a connected modem," Barnett cautions. "Microsoft's removal of the Agere modem driver in 2025 and the recent write-up on CVE-2023-31096 provide strong signals for anyone seeking Windows exploits."

Another critical vulnerability, CVE-2026-21265, is a Security Feature Bypass affecting Windows Secure Boot. This feature protects against threats like rootkits and bootkits, and its effectiveness relies on certificates that are set to expire in 2026. Once these certificates expire, Windows devices without the new 2023 certificates will no longer receive Secure Boot security fixes. Barnett emphasizes the importance of fully preparing for bootloader and BIOS updates to avoid rendering systems unbootable.

"The clock is ticking on the Microsoft root certificates that have been signing everything in the Secure Boot ecosystem since Stuxnet," Barnett warns. "Microsoft issued replacement certificates in 2023, but the need for timely updates remains critical."
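To see whether a device already carries the 2023 certificates, the Secure Boot UEFI variables can be read directly. This is an added example, not code from the article; the function name `Test-SecureBoot2023Cert` is hypothetical, and the certificate names are not given in the article but are assumed here to match the names Microsoft uses for its 2023 Secure Boot certificates.

```powershell
# Certificate names are assumptions (not in the article), grouped per UEFI variable.
$Expected2023 = [ordered]@{
    KEK = @('Microsoft Corporation KEK 2K CA 2023')
    db  = @('Windows UEFI CA 2023',
            'Microsoft UEFI CA 2023',
            'Microsoft Option ROM UEFI CA 2023')
}

function Test-SecureBoot2023Cert {
    [CmdletBinding()]
    param([System.Collections.IDictionary]$Expected = $Expected2023)

    foreach ($variable in $Expected.Keys) {
        try {
            # Requires an elevated session on UEFI firmware; throws on legacy BIOS.
            $bytes = (Get-SecureBootUEFI -Name $variable -ErrorAction Stop).Bytes
            # Subject names are ASCII-compatible strings inside the DER-encoded entries.
            $text = [System.Text.Encoding]::ASCII.GetString($bytes)
        }
        catch {
            Write-Warning "Cannot read UEFI variable '$variable': $($_.Exception.Message)"
            continue
        }
        foreach ($name in $Expected[$variable]) {
            [pscustomobject]@{
                Variable    = $variable
                Certificate = $name
                Present     = $text.Contains($name)
            }
        }
    }
}

Test-SecureBoot2023Cert | Format-Table -AutoSize
```

A row with `Present` set to `False` marks a device that still needs the certificate update before the older certificates expire.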

In addition to Windows patches, Mozilla has released updates for Firefox and Firefox ESR, resolving 34 vulnerabilities, two of which are suspected to be exploited. Google Chrome and Microsoft Edge are also expected to release updates soon, addressing high-severity vulnerabilities.

Windows admins are advised to stay vigilant and monitor askwoody.com for any issues with the January 2026 patches. If you encounter any problems during installation, please share your experiences in the comments below. Stay secure, and keep your systems updated!

And there you have it, folks! A critical security update from Microsoft, with some intriguing insights and potential controversies. What are your thoughts on these vulnerabilities and the steps taken by Microsoft? Join the discussion and share your expertise!

Article information

Author: Fredrick Kertzmann
