Blog

Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws

5 hours ago
6 minutes read

Tag

CVE ID

CVE Title

Severity


Agere Windows Modem Driver

CVE-2023-31096

MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability

Important


Azure Connected Machine Agent

CVE-2026-21224

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Important


Azure Core shared client library for Python

CVE-2026-21226

Azure Core shared client library for Python Remote Code Execution Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-20835

Capability Access Management Service (camsvc) Information Disclosure Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-20851

Capability Access Management Service (camsvc) Information Disclosure Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-20830

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-21221

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Important


Capability Access Management Service (camsvc)

CVE-2026-20815

Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability

Important


Connected Devices Platform Service (Cdpsvc)

CVE-2026-20864

Windows Connected Devices Platform Service Elevation of Privilege Vulnerability

Important


Desktop Window Manager

CVE-2026-20805

Desktop Window Manager Information Disclosure Vulnerability

Important


Desktop Window Manager

CVE-2026-20871

Desktop Windows Manager Elevation of Privilege Vulnerability

Important


Dynamic Root of Trust for Measurement (DRTM)

CVE-2026-20962

Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability

Important


Graphics Kernel

CVE-2026-20836

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Important


Graphics Kernel

CVE-2026-20814

DirectX Graphics Kernel Elevation of Privilege Vulnerability

Important


Host Process for Windows Tasks

CVE-2026-20941

Host Process for Windows Tasks Elevation of Privilege Vulnerability

Important


Inbox COM Objects

CVE-2026-21219

Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Important


Mariner

CVE-2026-21444

libtpms returns wrong initialization vector when certain symmetric ciphers are used

Moderate


Mariner

CVE-2025-68758

backlight: led-bl: Add devlink to supplier LEDs

Moderate


Mariner

CVE-2025-68757

drm/vgem-fence: Fix potential deadlock on release

Moderate


Mariner

CVE-2025-68764

NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags

Moderate


Mariner

CVE-2025-68756

block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock

Important


Mariner

CVE-2025-68763

crypto: starfive – Correctly handle return of sg_nents_for_len

Moderate


Mariner

CVE-2025-68755

staging: most: remove broken i2c driver

Moderate


Mariner

CVE-2025-68759

wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()

Important


Mariner

CVE-2025-68766

irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()

Important


Mariner

CVE-2025-68753

ALSA: firewire-motu: add bounds check in put_user loop for DSP events

Important


Mariner

CVE-2025-68765

mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()

Moderate


Microsoft Edge (Chromium-based)

CVE-2026-0628

Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag

Unknown


Microsoft Graphics Component

CVE-2026-20822

Windows Graphics Component Elevation of Privilege Vulnerability

Critical


Microsoft Office

CVE-2026-20952

Microsoft Office Remote Code Execution Vulnerability

Critical


Microsoft Office

CVE-2026-20953

Microsoft Office Remote Code Execution Vulnerability

Critical
See also  Microsoft and OpenAI have a new deal that could clear the way for an IPO


Microsoft Office

CVE-2026-20943

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Important


Microsoft Office Excel

CVE-2026-20949

Microsoft Excel Security Feature Bypass Vulnerability

Important


Microsoft Office Excel

CVE-2026-20950

Microsoft Excel Remote Code Execution Vulnerability

Important


Microsoft Office Excel

CVE-2026-20956

Microsoft Excel Remote Code Execution Vulnerability

Important


Microsoft Office Excel

CVE-2026-20957

Microsoft Excel Remote Code Execution Vulnerability

Critical


Microsoft Office Excel

CVE-2026-20946

Microsoft Excel Remote Code Execution Vulnerability

Important


Microsoft Office Excel

CVE-2026-20955

Microsoft Excel Remote Code Execution Vulnerability

Critical


Microsoft Office SharePoint

CVE-2026-20958

Microsoft SharePoint Information Disclosure Vulnerability

Important


Microsoft Office SharePoint

CVE-2026-20959

Microsoft SharePoint Server Spoofing Vulnerability

Important


Microsoft Office SharePoint

CVE-2026-20947

Microsoft SharePoint Server Remote Code Execution Vulnerability

Important


Microsoft Office SharePoint

CVE-2026-20951

Microsoft SharePoint Server Remote Code Execution Vulnerability

Important


Microsoft Office SharePoint

CVE-2026-20963

Microsoft SharePoint Remote Code Execution Vulnerability

Important


Microsoft Office Word

CVE-2026-20948

Microsoft Word Remote Code Execution Vulnerability

Important


Microsoft Office Word

CVE-2026-20944

Microsoft Word Remote Code Execution Vulnerability

Critical


Printer Association Object

CVE-2026-20808

Windows File Explorer Elevation of Privilege Vulnerability

Important


SQL Server

CVE-2026-20803

Microsoft SQL Server Elevation of Privilege Vulnerability

Important


Tablet Windows User Interface (TWINUI) Subsystem

CVE-2026-20827

Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Important


Tablet Windows User Interface (TWINUI) Subsystem

CVE-2026-20826

Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Important


Windows Admin Center

CVE-2026-20965

Windows Admin Center Elevation of Privilege Vulnerability

Important


Windows Ancillary Function Driver for WinSock

CVE-2026-20831

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Important


Windows Ancillary Function Driver for WinSock

CVE-2026-20860

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Important


Windows Ancillary Function Driver for WinSock

CVE-2026-20810

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Important


Windows Client-Side Caching (CSC) Service

CVE-2026-20839

Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability

Important


Windows Clipboard Server

CVE-2026-20844

Windows Clipboard Server Elevation of Privilege Vulnerability

Important


Windows Cloud Files Mini Filter Driver

CVE-2026-20940

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Important


Windows Cloud Files Mini Filter Driver

CVE-2026-20857

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Important


Windows Common Log File System Driver

CVE-2026-20820

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Important


Windows Deployment Services

CVE-2026-0386

Windows Deployment Services Remote Code Execution Vulnerability

Important


Windows DWM

CVE-2026-20842

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Important


Windows Error Reporting

CVE-2026-20817

Windows Error Reporting Service Elevation of Privilege Vulnerability

Important


Windows File Explorer

CVE-2026-20939

Windows File Explorer Information Disclosure Vulnerability

Important


Windows File Explorer

See also  Former French President Nicolas Sarkozy's 5-year prison sentence begins this Tuesday

CVE-2026-20932

Windows File Explorer Information Disclosure Vulnerability

Important


Windows File Explorer

CVE-2026-20937

Windows File Explorer Information Disclosure Vulnerability

Important


Windows File Explorer

CVE-2026-20823

Windows File Explorer Information Disclosure Vulnerability

Important


Windows Hello

CVE-2026-20852

Windows Hello Tampering Vulnerability

Important


Windows Hello

CVE-2026-20804

Windows Hello Tampering Vulnerability

Important


Windows HTTP.sys

CVE-2026-20929

Windows HTTP.sys Elevation of Privilege Vulnerability

Important


Windows Hyper-V

CVE-2026-20825

Windows Hyper-V Information Disclosure Vulnerability

Important


Windows Installer

CVE-2026-20816

Windows Installer Elevation of Privilege Vulnerability

Important


Windows Internet Connection Sharing (ICS)

CVE-2026-20828

Windows rndismp6.sys Information Disclosure Vulnerability

Important


Windows Kerberos

CVE-2026-20849

Windows Kerberos Elevation of Privilege Vulnerability

Important


Windows Kerberos

CVE-2026-20833

Windows Kerberos Information Disclosure Vulnerability

Important


Windows Kernel

CVE-2026-20838

Windows Kernel Information Disclosure Vulnerability

Important


Windows Kernel

CVE-2026-20818

Windows Kernel Information Disclosure Vulnerability

Important


Windows Kernel Memory

CVE-2026-20809

Windows Kernel Memory Elevation of Privilege Vulnerability

Important


Windows Kernel-Mode Drivers

CVE-2026-20859

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Important


Windows LDAP – Lightweight Directory Access Protocol

CVE-2026-20812

LDAP Tampering Vulnerability

Important


Windows Local Security Authority Subsystem Service (LSASS)

CVE-2026-20854

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

Critical


Windows Local Security Authority Subsystem Service (LSASS)

CVE-2026-20875

Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability

Important


Windows Local Session Manager (LSM)

CVE-2026-20869

Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20924

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20874

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20862

Windows Management Services Information Disclosure Vulnerability

Important


Windows Management Services

CVE-2026-20866

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20867

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20861

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20865

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20858

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20918

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20877

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20923

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Management Services

CVE-2026-20873

Windows Management Services Elevation of Privilege Vulnerability

Important


Windows Media

CVE-2026-20837

Windows Media Remote Code Execution Vulnerability

Important


Windows Motorola Soft Modem Driver

CVE-2024-55414

Windows Motorola Soft Modem Driver Elevation of Privilege Vulnerability

Important


Windows NDIS

CVE-2026-20936

Windows NDIS Information Disclosure Vulnerability

Important


Windows NTFS

See also  Microsoft lifts Windows 11 update block for Easy Anti-Cheat users

CVE-2026-20922

Windows NTFS Remote Code Execution Vulnerability

Important


Windows NTFS

CVE-2026-20840

Windows NTFS Remote Code Execution Vulnerability

Important


Windows NTLM

CVE-2026-20925

NTLM Hash Disclosure Spoofing Vulnerability

Important


Windows NTLM

CVE-2026-20872

NTLM Hash Disclosure Spoofing Vulnerability

Important


Windows Remote Assistance

CVE-2026-20824

Windows Remote Assistance Security Feature Bypass Vulnerability

Important


Windows Remote Procedure Call

CVE-2026-20821

Remote Procedure Call Information Disclosure Vulnerability

Important


Windows Remote Procedure Call Interface Definition Language (IDL)

CVE-2026-20832

Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability

Important


Windows Routing and Remote Access Service (RRAS)

CVE-2026-20868

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Important


Windows Routing and Remote Access Service (RRAS)

CVE-2026-20843

Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability

Important


Windows Secure Boot

CVE-2026-21265

Secure Boot Certificate Expiration Security Feature Bypass Vulnerability

Important


Windows Server Update Service

CVE-2026-20856

Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Important


Windows Shell

CVE-2026-20834

Windows Spoofing Vulnerability

Important


Windows Shell

CVE-2026-20847

Microsoft Windows File Explorer Spoofing Vulnerability

Important


Windows SMB Server

CVE-2026-20926

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows SMB Server

CVE-2026-20921

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows SMB Server

CVE-2026-20919

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows SMB Server

CVE-2026-20927

Windows SMB Server Denial of Service Vulnerability

Important


Windows SMB Server

CVE-2026-20848

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows SMB Server

CVE-2026-20934

Windows SMB Server Elevation of Privilege Vulnerability

Important


Windows Telephony Service

CVE-2026-20931

Windows Telephony Service Elevation of Privilege Vulnerability

Important


Windows TPM

CVE-2026-20829

TPM Trustlet Information Disclosure Vulnerability

Important


Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20938

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Important


Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20935

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Important


Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20819

Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Important


Windows Virtualization-Based Security (VBS) Enclave

CVE-2026-20876

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

Critical


Windows WalletService

CVE-2026-20853

Windows WalletService Elevation of Privilege Vulnerability

Important


Windows Win32K – ICOMP

CVE-2026-20811

Win32k Elevation of Privilege Vulnerability

Important


Windows Win32K – ICOMP

CVE-2026-20870

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Important


Windows Win32K – ICOMP

CVE-2026-20920

Win32k Elevation of Privilege Vulnerability

Important


Windows Win32K – ICOMP

CVE-2026-20863

Win32k Elevation of Privilege Vulnerability

Important



Source link

Related posts:

  1. Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
  2. Microsoft fixes bug behind Windows certificate enrollment errors
  3. QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
  4. Microsoft fixes Windows Task Manager bug affecting performance
Tags
5 hours ago
6 minutes read
Photo of Digit

Digit

Digit is a versatile content creator with expertise in Health, Technology, Movies, and News. With over 7 years of experience, he delivers well-researched, engaging, and insightful articles that inform and entertain readers. Passionate about keeping his audience updated with accurate and relevant information, Digit combines factual reporting with actionable insights. Follow his latest updates and analyses on DigitPatrox.
Back to top button
close