Microsoft has released its monthly security update for January 2026, addressing 114 vulnerabilities across its products, including three zero-day flaws, one of which has already been exploited in real-world attacks.
According to Microsoft, the update fixes eight critical vulnerabilities, comprising six remote code execution (RCE) flaws and two elevation of privilege issues. The remaining vulnerabilities are rated important and moderate, covering a wide range of Windows components and related software. (continues below)
Photo: screenshot
1. Desktop Window Manager (DWM), a core system component responsible for rendering the Windows user interface. The vulnerability allows attackers to rea…
Microsoft has released its monthly security update for January 2026, addressing 114 vulnerabilities across its products, including three zero-day flaws, one of which has already been exploited in real-world attacks.
According to Microsoft, the update fixes eight critical vulnerabilities, comprising six remote code execution (RCE) flaws and two elevation of privilege issues. The remaining vulnerabilities are rated important and moderate, covering a wide range of Windows components and related software. (continues below)
Photo: screenshot
1. Desktop Window Manager (DWM), a core system component responsible for rendering the Windows user interface. The vulnerability allows attackers to read certain areas of system memory associated with Remote ALPC ports. While the exposed data is not considered highly sensitive, it could be leveraged in advanced attacks, such as bypassing memory protection mechanisms or chaining with other vulnerabilities to escalate an attack.
Microsoft confirmed that this DWM vulnerability has already been exploited, but did not disclose technical details about the attack methods or related campaigns. The flaw was discovered by the Microsoft Threat Intelligence Centre (MSTIC) and the Microsoft Security Response Centre (MSRC).
2. Windows Secure Boot certificates that have been in use since 2011 and are due to expire in 2026. If left unpatched, attackers could exploit this weakness to bypass Secure Boot protections and run untrusted code during the system boot process.
Microsoft said the affected certificates are used by the Windows Boot Manager, boot loaders and third-party Option ROMs. Certificate expiration could undermine the integrity of the Secure Boot chain and increase the risk of firmware-level attacks. The latest update renews and replaces the affected certificates to maintain Secure Boot security, following an earlier advisory issued in June.
3. Agere Soft Modem driver, a third-party component bundled with multiple versions of Windows. The flaw allows attackers to escalate privileges from a standard user to administrator level and has previously been exploited in the wild.
To mitigate the risk, Microsoft has removed the vulnerable driver from Windows as part of the January update, rather than applying a direct code patch. The vulnerability was discovered by a researcher known as Zeze from TeamT5.
Beyond Microsoft, several other technology companies have also issued security updates this month, including Adobe, Cisco, Fortinet, Google (Android), SAP, ServiceNow, Trend Micro and Veeam.
Microsoft urged users and system administrators to apply the latest Windows updates and related security patches as soon as possible, particularly on systems with Secure Boot enabled and those potentially exposed to zero-day vulnerabilities, to reduce the risk of cyberattacks.
Source: Microsoft