Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws

Tag

CVE ID

CVE Title

Severity


Agere Windows Modem Driver

CVE-2023-31096

MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability

Important


Azure Connected Machine Agent

CVE-2026-21224

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Important


Azure Core shared client library for Python

CVE-2026-21226

Azure Core shared client library for Python Remote Code Execution Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-20835

Capability Access Management Service (camsvc) Information Disclosure Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-20851

Capability Access Management Service (camsvc) Information Disclosure Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-20830

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-21221

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-20815

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Important


Connected Devices Platform Service (Cdpsvc)

CVE-2026-20864

Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Important


Desktop Window Manager

CVE-2026-20805

Desktop Window Manager Information Disclosure Vulnerability

Important


Desktop Window Manager

CVE-2026-20871

Desktop Windows Manager Elevation of Privilege Vulnerability

Important


Dynamic Root of Trust for Measurement (DRTM)

CVE-2026-20962

Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability

Important


Graphics Kernel

CVE-2026-20836

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Important


Graphics Kernel

CVE-2026-20814

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Important


Host Process for Windows Tasks

CVE-2026-20941

Host Process for Windows Tasks Elevation of Privilege Vulnerability

Important


Inbox COM Objects

CVE-2026-21219

Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Important


Mariner

CVE-2026-21444

libtpms returns wrong initialization vector when certain symmetric ciphers are used

Moderate


Mariner

CVE-2025-68758

backlight: led-bl: Add devlink to supplier LEDs

Moderate


Mariner

CVE-2025-68757

drm/vgem-fence: Fix potential deadlock on release

Moderate


Mariner

CVE-2025-68764

NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags

Moderate


Mariner

CVE-2025-68756

block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock

Important


Mariner

CVE-2025-68763

crypto: starfive – Correctly handle return of sg_nents_for_len

Moderate


Mariner

CVE-2025-68755

staging: most: remove broken i2c driver

Moderate


Mariner

CVE-2025-68759

wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()

Important


Mariner

CVE-2025-68766

irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()

Important


Mariner

CVE-2025-68753

ALSA: firewire-motu: add bounds check in put_user loop for DSP events

Important


Mariner

CVE-2025-68765

mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()

Moderate


Microsoft Edge (Chromium-based)

CVE-2026-0628

Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag

Unknown


Microsoft Graphics Component

CVE-2026-20822

Windows Graphics Component Elevation of Privilege Vulnerability

Critical


Microsoft Office

CVE-2026-20952

Microsoft Office Remote Code Execution Vulnerability

Critical


Microsoft Office

CVE-2026-20953

Microsoft Office Remote Code Execution Vulnerability

Critical


Microsoft Office

CVE-2026-20943

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Important
See also  Saatva Classic and the Saatva Solaire — we’ve tried both mattresses and this is the one we recommend to seniors shopping the Black Friday sales


Microsoft Office Excel

CVE-2026-20949

Microsoft Excel Security Feature Bypass Vulnerability

Important


Microsoft Office Excel

CVE-2026-20950

Microsoft Excel Remote Code Execution Vulnerability

Important


Microsoft Office Excel

CVE-2026-20956

Microsoft Excel Remote Code Execution Vulnerability

Important


Microsoft Office Excel

CVE-2026-20957

Microsoft Excel Remote Code Execution Vulnerability

Critical


Microsoft Office Excel

CVE-2026-20946

Microsoft Excel Remote Code Execution Vulnerability

Important


Microsoft Office Excel

CVE-2026-20955

Microsoft Excel Remote Code Execution Vulnerability

Critical


Microsoft Office SharePoint

CVE-2026-20958

Microsoft SharePoint Information Disclosure Vulnerability

Important


Microsoft Office SharePoint

CVE-2026-20959

Microsoft SharePoint Server Spoofing Vulnerability

Important


Microsoft Office SharePoint

CVE-2026-20947

Microsoft SharePoint Server Remote Code Execution Vulnerability

Important


Microsoft Office SharePoint

CVE-2026-20951

Microsoft SharePoint Server Remote Code Execution Vulnerability

Important


Microsoft Office SharePoint

CVE-2026-20963

Microsoft SharePoint Remote Code Execution Vulnerability

Important


Microsoft Office Word

CVE-2026-20948

Microsoft Word Remote Code Execution Vulnerability

Important


Microsoft Office Word

CVE-2026-20944

Microsoft Word Remote Code Execution Vulnerability

Critical


Printer Association Object

CVE-2026-20808

Windows File Explorer Elevation of Privilege Vulnerability

Important


SQL Server

CVE-2026-20803

Microsoft SQL Server Elevation of Privilege Vulnerability

Important


Tablet Windows User Interface (TWINUI) Subsystem

CVE-2026-20827

Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Important


Tablet Windows User Interface (TWINUI) Subsystem

CVE-2026-20826

Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Important


Windows Admin Center

CVE-2026-20965

Windows Admin Center Elevation of Privilege Vulnerability

Important


Windows Ancillary Function Driver for WinSock

CVE-2026-20831

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Important


Windows Ancillary Function Driver for WinSock

CVE-2026-20860

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Important


Windows Ancillary Function Driver for WinSock

CVE-2026-20810

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Important


Windows Client-Side Caching (CSC) Service

CVE-2026-20839

Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability

Important


Windows Clipboard Server

CVE-2026-20844

Windows Clipboard Server Elevation of Privilege Vulnerability

Important


Windows Cloud Files Mini Filter Driver

CVE-2026-20940

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Important


Windows Cloud Files Mini Filter Driver

CVE-2026-20857

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Important


Windows Common Log File System Driver

CVE-2026-20820

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Important


Windows Deployment Services

CVE-2026-0386

Windows Deployment Services Remote Code Execution Vulnerability

Important


Windows DWM

CVE-2026-20842

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Important


Windows Error Reporting

CVE-2026-20817

Windows Error Reporting Service Elevation of Privilege Vulnerability

Important


Windows File Explorer

CVE-2026-20939

Windows File Explorer Information Disclosure Vulnerability

Important


Windows File Explorer

CVE-2026-20932

Windows File Explorer Information Disclosure Vulnerability

Important


Windows File Explorer

CVE-2026-20937

Windows File Explorer Information Disclosure Vulnerability

Important


Windows File Explorer
See also  OpenAI Becomes Public Benefit Corporation, Microsoft Takes 27% Stake

CVE-2026-20823

Windows File Explorer Information Disclosure Vulnerability

Important


Windows Hello

CVE-2026-20852

Windows Hello Tampering Vulnerability

Important


Windows Hello

CVE-2026-20804

Windows Hello Tampering Vulnerability

Important


Windows HTTP.sys

CVE-2026-20929

Windows HTTP.sys Elevation of Privilege Vulnerability

Important


Windows Hyper-V

CVE-2026-20825

Windows Hyper-V Information Disclosure Vulnerability

Important


Windows Installer

CVE-2026-20816

Windows Installer Elevation of Privilege Vulnerability

Important


Windows Internet Connection Sharing (ICS)

CVE-2026-20828

Windows rndismp6.sys Information Disclosure Vulnerability

Important


Windows Kerberos

CVE-2026-20849

Windows Kerberos Elevation of Privilege Vulnerability

Important


Windows Kerberos

CVE-2026-20833

Windows Kerberos Information Disclosure Vulnerability

Important


Windows Kernel

CVE-2026-20838

Windows Kernel Information Disclosure Vulnerability

Important


Windows Kernel

CVE-2026-20818

Windows Kernel Information Disclosure Vulnerability

Important


Windows Kernel Memory

CVE-2026-20809

Windows Kernel Memory Elevation of Privilege Vulnerability

Important


Windows Kernel-Mode Drivers

CVE-2026-20859

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Important


Windows LDAP – Lightweight Directory Access Protocol

CVE-2026-20812

LDAP Tampering Vulnerability

Important


Windows Local Security Authority Subsystem Service (LSASS)

CVE-2026-20854

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Critical


Windows Local Security Authority Subsystem Service (LSASS)

CVE-2026-20875

Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Important


Windows Local Session Manager (LSM)

CVE-2026-20869

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20924

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20874

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20862

Windows Management Services Information Disclosure Vulnerability

Important


Windows Management Services

CVE-2026-20866

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20867

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20861

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20865

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20858

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20918

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20877

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20923

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20873

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Media

CVE-2026-20837

Windows Media Remote Code Execution Vulnerability

Important


Windows Motorola Soft Modem Driver

CVE-2024-55414

Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability

Important


Windows NDIS

CVE-2026-20936

Windows NDIS Information Disclosure Vulnerability

Important


Windows NTFS

CVE-2026-20922

Windows NTFS Remote Code Execution Vulnerability

Important


Windows NTFS

CVE-2026-20840

Windows NTFS Remote Code Execution Vulnerability

Important


Windows NTLM

CVE-2026-20925

NTLM Hash Disclosure Spoofing Vulnerability

Important


Windows NTLM

CVE-2026-20872

NTLM Hash Disclosure Spoofing Vulnerability
See also  Best Fitbit fitness trackers and watches in 2025

Important


Windows Remote Assistance

CVE-2026-20824

Windows Remote Assistance Security Feature Bypass Vulnerability

Important


Windows Remote Procedure Call

CVE-2026-20821

Remote Procedure Call Information Disclosure Vulnerability

Important


Windows Remote Procedure Call Interface Definition Language (IDL)

CVE-2026-20832

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

Important


Windows Routing and Remote Access Service (RRAS)

CVE-2026-20868

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Important


Windows Routing and Remote Access Service (RRAS)

CVE-2026-20843

Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability

Important


Windows Secure Boot

CVE-2026-21265

Secure Boot Certificate Expiration Security Feature Bypass Vulnerability

Important


Windows Server Update Service

CVE-2026-20856

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Important


Windows Shell

CVE-2026-20834

Windows Spoofing Vulnerability

Important


Windows Shell

CVE-2026-20847

Microsoft Windows File Explorer Spoofing Vulnerability

Important


Windows SMB Server

CVE-2026-20926

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows SMB Server

CVE-2026-20921

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows SMB Server

CVE-2026-20919

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows SMB Server

CVE-2026-20927

Windows SMB Server Denial of Service Vulnerability

Important


Windows SMB Server

CVE-2026-20848

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows SMB Server

CVE-2026-20934

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows Telephony Service

CVE-2026-20931

Windows Telephony Service Elevation of Privilege Vulnerability

Important


Windows TPM

CVE-2026-20829

TPM Trustlet Information Disclosure Vulnerability

Important


Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20938

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Important


Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20935

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Important


Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20819

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Important


Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20876

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Critical


Windows WalletService

CVE-2026-20853

Windows WalletService Elevation of Privilege Vulnerability

Important


Windows Win32K – ICOMP

CVE-2026-20811

Win32k Elevation of Privilege Vulnerability

Important


Windows Win32K – ICOMP

CVE-2026-20870

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Important


Windows Win32K – ICOMP

CVE-2026-20920

Win32k Elevation of Privilege Vulnerability

Important


Windows Win32K – ICOMP

CVE-2026-20863

Win32k Elevation of Privilege Vulnerability

Important



Source link
Related Articles

Related posts:

  1. Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
  2. Microsoft fixes bug behind Windows certificate enrollment errors
  3. QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
  4. Microsoft fixes Windows Task Manager bug affecting performance
Exit mobile version