Microsoft’s Latest Patch Tuesday Update Fixed 114 Vulnerabilities.
Microsoft has released the January “Patch Tuesday” update, and you should install these security fixes on your computer as soon as possible. This update addresses a total of 114 vulnerabilities, including three zero-day vulnerabilities (bugs that were actively exploited or publicly disclosed before the developer released an official patch).
According to BleepingComputer , vulnerabilities were discovered in the following categories: 57 privilege escalation vulnerabilities, three security feature bypass vulnerabilities, 22 remote code execution vulnerabilities, 22 information disclosure vulnerabilities, two denial of service vulnerabilities, and five spoofing vulnerabilities. Six remote code execution vulnerabilities and two privilege escalation vulnerabilities are considered “critical.”
Your computer should automatically receive security updates on Patch Tuesday, which occurs around 10:00 AM PT on the second Tuesday of the month. You can check this by going to Start > Settings > Windows Update and selecting “Check for Windows updates.”
Three zero-day vulnerabilities were patched in January.
One of three zero-day vulnerabilities patched this month is being actively exploited by attackers. The vulnerability, designated CVE-2026-20805 , is an information disclosure vulnerability in the Desktop Window Manager that allows attackers to access memory addresses from the remote ALPC port. This flaw was discovered by the Microsoft Threat Analysis Center (MSTIC) and the Microsoft Security Response Center (MSRC).
Two other zero-day vulnerabilities have been disclosed. CVE-2026-21265 is a vulnerability that allows attackers to bypass Secure Boot on systems that have not updated certificates issued in 2011 and are about to expire. CVE-2023-31096 is a privilege escalation vulnerability in third-party Agere software modem drivers shipped with supported Windows operating systems. Microsoft has removed these drivers from Windows.
Today, Microsoft released other non-security updates, as well as additional fixes for the Microsoft Edge and Mariner vulnerabilities discovered earlier this month.