Microsoft Patch Tuesday January 2026: Vulnerabilities Fixed
Microsoft’s January 2026 Patch Tuesday addresses 114 vulnerabilities, including several critical remote code execution (RCE) flaws. These high-severity bugs impact key targets such as Office...
Microsoft’s January 2026 Patch Tuesday addresses 114 vulnerabilities, including several critical remote code execution (RCE) flaws. These high-severity bugs impact key targets such as Office applications and core Windows services, notably LSASS. For a comprehensive overview of these fixes, administrators should consult the official <a href="https://msrc.microsoft
Table Of Content
This Patch Tuesday addresses critical remote code execution flaws and numerous elevation of privilege issues that could enable attackers to compromise systems.
| Vulnerability Type | Count |
|---|---|
| Remote Code Execution | 22 |
| Denial of Service | 2 |
| Elevation of Privilege | 57 |
| Information Disclosure | 22 |
| Security Feature Bypass | 3 |
| Spoofing | 5 |
| Tampering | 3 |
| Total | 114 |
The release includes 12 critical CVEs and over 90 important CVEs, primarily elevation-of-privilege flaws in kernel drivers and management services.
Zero-Day Vulnerabilities
CVE-2026-20805 involves Desktop Windows Manager flaws exposing information, rated high by researchers. CVE-2026-21265 targets digital media handling for privilege gains, common in chained attacks. CVE-2023-31096 appears as a backported or related fix in the cumulative updates.
Critical Vulnerabilities
Several critical remote code execution vulnerabilities stand out, including CVE-2026-20854 in Windows LSASS, stemming from a use-after-free error exploitable over networks.
The Office suite faces multiple threats: CVE-2026-20944 (Word out-of-bounds read), CVE-2026-20953 and CVE-2026-20952 (use-after-free), and CVE-2026-20955 and CVE-2026-20957 (Excel pointer issues and integer underflow).
Additional critical elevation-of-privilege bugs affect the Graphics Component (CVE-2026-20822) and the VBS Enclave (CVE-2026-20876), both of which exhibit use-after-free vulnerabilities locally.
Windows components dominate the most critical-rated issues, with over 30 elevation-of-privilege flaws in services such as Management Services, SMB Server, and Win32k, often via race conditions or use-after-free. Information disclosure bugs in File Explorer and VBS round out notable risks.
Deploy updates starting with internet-facing systems like WSUS (CVE-2026-20856) and SMB servers, then Office endpoints. Test in staging environments due to potential regressions in drivers like Cloud Files Mini Filter. Enable automatic updates for consumer devices and monitor CISA KEV for any rapid additions, as zero-days heighten urgency.
Microsoft Patch Tuesday Vulnerabilities Table
| CVE Number | CVE Title | Impact |
| CVE-2026-20822 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20876 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20944 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20953 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20955 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20854 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20952 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20957 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20962 | Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-21265 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability | Security Feature Bypass |
| CVE-2026-0386 | Windows Deployment Services Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20803 | Microsoft SQL Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20965 | Windows Admin Center Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20804 | Windows Hello Tampering Vulnerability | Tampering |
| CVE-2026-20805 | Desktop Window Manager Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20808 | Windows File Explorer Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20809 | Windows Kernel Memory Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20810 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20811 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20812 | LDAP Tampering Vulnerability | Tampering |
| CVE-2026-20814 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20815 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20816 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20817 | Windows Error Reporting Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20818 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20819 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20820 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20821 | Remote Procedure Call Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20823 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20824 | Windows Remote Assistance Security Feature Bypass Vulnerability | Security Feature Bypass |
| CVE-2026-20825 | Windows Hyper-V Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20826 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability | Elevation of Privilege |
| CVE-2026-20827 | Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20828 | Windows rndismp6.sys Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20829 | TPM Trustlet Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20831 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20832 | Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20833 | Windows Kerberos Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20834 | Windows Spoofing Vulnerability | Spoofing |
| CVE-2026-20835 | Capability Access Management Service (camsvc) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20836 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20837 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20838 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20839 | Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20840 | Windows NTFS Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20842 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20844 | Windows Clipboard Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2023-31096 | MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20847 | Microsoft Windows File Explorer Spoofing Vulnerability | Spoofing |
| CVE-2026-20851 | Capability Access Management Service (camsvc) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20852 | Windows Hello Tampering Vulnerability | Tampering |
| CVE-2026-20856 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20857 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20858 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20859 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20860 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20864 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20865 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20869 | Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20875 | Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Denial of Service |
| CVE-2026-20877 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20918 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20919 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20920 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20921 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20922 | Windows NTFS Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20923 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20924 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20925 | NTLM Hash Disclosure Spoofing Vulnerability | Spoofing |
| CVE-2026-20926 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20927 | Windows SMB Server Denial of Service Vulnerability | Denial of Service |
| CVE-2026-20932 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20934 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20938 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20940 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20943 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Remote Code Execution |
| CVE-2026-20946 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20951 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20956 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20959 | Microsoft SharePoint Server Spoofing Vulnerability | Spoofing |
| CVE-2026-20963 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20830 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21221 | Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21224 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20947 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20843 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20848 | Windows SMB Server Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20849 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20853 | Windows WalletService Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21219 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20861 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20862 | Windows Management Services Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20863 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20866 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20867 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20868 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20870 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20871 | Desktop Windows Manager Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20872 | NTLM Hash Disclosure Spoofing Vulnerability | Spoofing |
| CVE-2026-20873 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20874 | Windows Management Services Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2024-55414 | Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20929 | Windows HTTP.sys Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20931 | Windows Telephony Service Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-20935 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20936 | Windows NDIS Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20937 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20939 | Windows File Explorer Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20948 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20949 | Microsoft Excel Security Feature Bypass Vulnerability | Security Feature Bypass |
| CVE-2026-20950 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution |
| CVE-2026-20958 | Microsoft SharePoint Information Disclosure Vulnerability | Information Disclosure |
| CVE-2026-20941 | Host Process for Windows Tasks Elevation of Privilege Vulnerability | Elevation of Privilege |
| CVE-2026-21226 | Azure Core shared client library for Python Remote Code Execution Vulnerability | Remote Code Execution |
Other Patch Tuesday Updates
- Node.js Security Release Patches 7 Vulnerabilities Across All Release Lines
- FortiSandbox SSRF Vulnerability Allows Attacker to proxy Internal Traffic via Crafted HTTP Requests
- SAP Security Patch Day January 2026 – Patch for Critical Injection and RCE Vulnerabilities
- FortiOS and FortiSwitchManager Vulnerability Let Remote Attackers Execute Arbitrary Code
- Cisco ISE Vulnerability Let Remote attacker Access Sensitive Data – Public PoC Available
- Cisco Snort 3 Detection Engine Vulnerability Leaks Sensitive Data
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
No Comment! Be the first one.