Microsoft has released its January 2026 Patch Tuesday updates, addressing more than 100 security vulnerabilities across a wide range of its software products, including one actively exploited zero-day and two other vulnerabilities that were previously publicly disclosed.
The actively exploited vulnerability, tracked as CVE-2026-20805, affects the Windows Desktop Window Manager and can lead to information disclosure. According to Microsoft, a successful exploit allows an attacker to read memory addresses associated with a remote Advanced Local Procedure Call (ALPC) port. Although the flaw was discovered by Microsoft's researchers, the company has not provided details on the attacks exploiting the issue.
Trend Micro’s Zero Day Initiative (ZDI) said that CVE-2026-20805 was likely used in targeted attacks as part of a larger exploit chain, where the leaked memory address information could help attackers bypass protections and ultimately achieve arbitrary code execution.
In addition to the actively exploited zero-day, Microsoft patched two Windows vulnerabilities that had been publicly disclosed ahead of the January updates. One flaw is CVE-2026-21265, a Secure Boot bypass issue, and the second is the privilege escalation flaw (CVE-2023-31096) in Microsoft Windows Agere Soft Modem Driver.
Microsoft has also fixed a bunch of high-severity security issues affecting Microsoft Word, Office, WSUS, SharePoint Server, Windows Media, RRAS, Microsoft Inbox COM Objects, and other software.