Microsoft Patches 114 Vulnerabilities, Including Actively Exploited Zero-Day, in January 2026 Update

January 13, 2026
  • Microsoft’s January 2026 Patch Tuesday fixes 114 vulnerabilities across Windows and related components, including one actively exploited zero-day and two publicly disclosed zero-days.

  • Two previously disclosed Windows flaws, including a Secure Boot bypass and a privilege escalation issue, were patched this cycle, with the privilege escalation flaw viewed as more likely to be exploited in the wild.

  • The batch also includes fixes for 113 CVEs, among them two zero-days, one of which has been observed in active exploitation.

  • The severity chart shows a mix of Critical and Important risks, with multiple remote code execution and elevation-of-privilege vulnerabilities highlighted.

  • Security researchers warn that memory leaks can compound exploitation when paired with disclosed weaknesses, aiding code execution.

  • Patches span Windows core components, Edge, Office apps, SharePoint, SQL Server, and Windows subsystems such as Desktop Window Manager, LSASS, Kerberos, RPC, and file system drivers.

  • The update summary is intended for IT and security pros, drawing from Tenable’s blog and Microsoft’s official update guide.

  • Microsoft notes exploitation indicators and attack vectors, including Office’s Preview Pane vulnerabilities that could enable remote code execution for authenticated users.

  • The article compiles an extensive CVE list across product areas, underscoring the breadth of patches in this cycle.

  • Actively exploited zero-day CVE-2026-20805 in the Windows Desktop Window Manager leaks memory addresses and can help bypass ASLR, facilitating further attacks.

  • Another DWM flaw that could disclose memory addresses via a remote ALPC port was also patched, with CVE-2026-20871 noted as important but not exploited in the wild.

  • The fixes address a broad mix of categories: dozens of Elevation of Privilege, Remote Code Execution, Information Disclosure, Spoofing, and a few Denial of Service vulnerabilities.

Summary based on 5 sources

