
Microsoft January Patch Tuesday Security Updates for Windows 10/11

Patch Tuesday, Windows 11, Windows 10, KB5074109, Microsoft, KB5073455, KB5073724, Azure Virtual Desktop, vulnerabilities, Secure Boot, Office
Updated January 15, 2026 at 07:05 PM · 12 sources

Microsoft shipped its January Patch Tuesday security updates for Windows 10 (including ESU/LTSC) and Windows 11, addressing a large set of vulnerabilities and rolling in additional platform hardening changes. Windows 10’s KB5073724 (ESU) updates systems to build 19045.6809 (and LTSC 2021 to 19044.6809) and includes security/bug fixes plus a phased update to handle expiring Secure Boot certificates; it also removes legacy Agere modem drivers (agrsm64.sys, agrsm.sys, smserl64.sys, smserial.sys), which can break dependent modem hardware. Windows 11 cumulative updates KB5074109 (25H2/24H2) and KB5073455 (23H2) are mandatory and include fixes for issues such as WSL mirrored networking failures (“No route to host”) impacting VPN access and RemoteApp connection failures in Azure Virtual Desktop environments.

Third-party analysis of the same Patch Tuesday release reported 112 vulnerabilities (with 8 marked critical) and at least one vulnerability observed exploited in the wild: CVE-2026-20805. The critical issues highlighted include multiple remote code execution vulnerabilities across Windows components and Office applications (including LSASS, Word, Excel, and Office), plus elevation of privilege flaws such as CVE-2026-20822 (Windows Graphics Component, use-after-free leading to potential SYSTEM privileges) and CVE-2026-20854 (LSASS RCE over the network without requiring elevated privileges). Organizations should prioritize rapid deployment of the January Windows updates, with particular attention to exploited-in-the-wild items and critical RCE/EoP paths.
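Added example, not part of the original article: a triage of an endpoint inventory against the builds, KB numbers and driver names given above. The record layout, host names and sample build revisions are assumptions constructed for the example.

```python
# Builds and KB numbers below are the ones stated in the article.
WIN10_PATCHED = {19045: 6809, 19044: 6809}   # Windows 10 ESU, LTSC 2021 (KB5073724)
WIN11_KB = {"25H2": "KB5074109", "24H2": "KB5074109", "23H2": "KB5073455"}
# Legacy Agere modem drivers that KB5073724 removes.
AGERE_DRIVERS = {"agrsm64.sys", "agrsm.sys", "smserl64.sys", "smserial.sys"}


def triage(rec):
    """Return the list of findings for one inventory record (empty if none)."""
    findings = []
    major, _, rev = rec["build"].partition(".")
    major, rev = int(major), int(rev or 0)
    if major in WIN10_PATCHED:
        # Cumulative updates only raise the revision, so compare numerically.
        if rev < WIN10_PATCHED[major]:
            findings.append("KB5073724 not applied")
    elif rec.get("release") in WIN11_KB:
        # Only the KB is known for Windows 11; a later cumulative update
        # supersedes it, so treat this finding as "verify", not "vulnerable".
        kb = WIN11_KB[rec["release"]]
        if kb not in rec.get("kbs", []):
            findings.append(kb + " not listed")
    else:
        findings.append("unrecognised release")
    # File names are case-insensitive on Windows.
    agere = sorted(AGERE_DRIVERS & {d.lower() for d in rec.get("drivers", [])})
    if agere:
        findings.append("Agere driver present: " + ", ".join(agere))
    return findings


def report(inventory):
    """Map host -> findings, omitting hosts with nothing to report."""
    results = {rec["host"]: triage(rec) for rec in inventory}
    return {host: f for host, f in results.items() if f}


# Constructed sample records (hypothetical inventory export).
INVENTORY = [
    {"host": "w10-esu-01", "release": "22H2", "build": "19045.6456", "kbs": [], "drivers": ["AGRSM64.sys"]},
    {"host": "w10-ltsc-02", "release": "LTSC 2021", "build": "19044.6809", "kbs": ["KB5073724"], "drivers": []},
    {"host": "w11-03", "release": "24H2", "build": "26100.7623", "kbs": ["KB5074109"], "drivers": []},
    {"host": "w11-04", "release": "23H2", "build": "22631.6000", "kbs": [], "drivers": []},
]

if __name__ == "__main__":
    for host, findings in report(INVENTORY).items():
        print(host, "->", "; ".join(findings))
```

A Windows 10 host that still carries an Agere driver and has not yet taken KB5073724 is the case to review before deployment, since the update removes the driver its modem hardware depends on.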

Related Entities

Vulnerabilities

- Information Disclosure in Windows Desktop Window Manager (DWM) (CVE-2026-20805)
- Local EoP in Windows Installer via TOCTOU race condition (CVE-2026-20816)
- Microsoft Office Use-After-Free Remote Code Execution (CVE-2026-20952)
- Use-after-free in Microsoft Office (CVE-2026-20953)
- LPE to SYSTEM in Broadcom/LSI PCI-SV92EX (Agere) Soft Modem driver (AGRSM64.sys) via IOCTL stack overflow (CVE-2023-31096)
- RCE in Windows LSASS via use-after-free (CVE-2026-20854)
- EoP in Windows Graphics Component (use-after-free) (CVE-2026-20822)
- EoP via type confusion in Windows Ancillary Function Driver for WinSock (AFD) (CVE-2026-20860)
- Local EoP to SYSTEM in Windows Error Reporting (WER) ALPC SvcElevatedLaunch (CVE-2026-20817)
- Local EoP in Windows Desktop Window Manager (DWM) via use-after-free (CVE-2026-20871)
- EoP in Windows Common Log File System (CLFS) Driver (heap-based buffer overflow) (CVE-2026-20820)
- RCE in Microsoft Office Word via out-of-bounds read (CVE-2026-20944)
- Local EoP via heap-based buffer overflow in Windows VBS Enclave (VTL2) (CVE-2026-20876)
- Local RCE in Windows NTFS via heap-based buffer overflow (CVE-2026-20922)
- Local EoP in Windows Routing and Remote Access Service (RRAS) (CVE-2026-20843)
- Heap-based buffer overflow RCE in Windows NTFS (CVE-2026-20840)
- RCE in Microsoft Office Excel via untrusted pointer dereference (CVE-2026-20955)
- RCE in Windows Routing and Remote Access Service (RRAS) via heap-based buffer overflow (CVE-2026-20868)
- RCE via deserialization of untrusted data in Microsoft Office SharePoint (CVE-2026-20963)
- RCE via SQL injection in Microsoft Office SharePoint (CVE-2026-20947)
- RCE in Microsoft Office Excel via integer underflow (CVE-2026-20957)
- Secure Boot security feature bypass via expiring Microsoft UEFI certificates (2011 CA set) (CVE-2026-21265)

Sources

January 15, 2026 at 05:54 PM
January 15, 2026 at 01:53 PM
January 14, 2026 at 01:09 AM

5 more from sources such as The Register, CyberScoop, The Cyber Express and BleepingComputer

Related Stories

Microsoft January Patch Tuesday Fixes 114 Vulnerabilities Including Three Zero-Days

Microsoft’s January Patch Tuesday security updates addressed **114 vulnerabilities**, including **three zero-days** reported as publicly known and/or exploited. Reported issues span multiple Windows and Microsoft product components, including **Desktop Window Manager (DWM)**, legacy modem drivers, and core OS services, with a mix of **information disclosure**, **elevation of privilege (EoP)**, **security feature bypass**, and **remote code execution (RCE)** flaws. Technical highlights called out include **CVE-2023-31096** (Windows Agere Soft Modem Driver EoP), **CVE-2026-20805** (DWM information disclosure), and a **Secure Boot certificate expiration** security feature bypass (**CVE-2026-21265**). The update set also includes multiple **Office/Excel/Word RCE** vulnerabilities (e.g., **CVE-2026-20952**, **CVE-2026-20953**, **CVE-2026-20955**, **CVE-2026-20957**, **CVE-2026-20944**), Windows privilege-escalation issues (e.g., **Windows Graphics Component** and **VBS Enclave** EoP), and cloud/agent components such as **Azure Connected Machine Agent** (**CVE-2026-21224**) and **Azure Core shared client library for Python** (**CVE-2026-21226**).

2 months ago
Microsoft March Patch Tuesday Ships 83 Fixes and Windows 11 Cumulative Updates

Microsoft’s March Patch Tuesday security release shipped fixes for **83 vulnerabilities** across its enterprise software and services, and was notable for having **no actively exploited zero-days** for the first time in six months. Microsoft flagged **six** vulnerabilities as “more likely to be exploited,” and noted two issues—`CVE-2026-21262` and `CVE-2026-26127`—were **publicly known** at release. Researchers highlighted an Excel information-disclosure issue, `CVE-2026-26144`, describing a scenario where an attacker could potentially induce a *Copilot Agent* to exfiltrate data in a **zero-click** style workflow, and also pointed to Office flaws `CVE-2026-26110` and `CVE-2026-26113` (CVSS 8.4) that could enable **arbitrary code execution** via the Office preview pane. Microsoft also released **mandatory Windows 11 cumulative updates** `KB5079473` (25H2/24H2) and `KB5078883` (23H2) that incorporate the March 2026 Patch Tuesday security fixes, along with additional non-security changes. The updates advance build numbers to **26200.8037/26100.8037** (25H2/24H2) and **22631.6783** (23H2), expand “high-confidence device targeting” to increase coverage for automatic delivery of new **Secure Boot certificates**, and include reliability improvements such as better File Explorer search across drives and changes to **Windows Defender Application Control (WDAC)** behavior for COM objects (policy listing support).

4 days ago
Microsoft February Patch Tuesday Fixes Six Zero-Day Vulnerabilities and Rolls Out New Secure Boot Certificates

Microsoft released its **February 2026 Patch Tuesday** security updates, addressing **54–58 vulnerabilities** across Windows and other Microsoft products, including **six zero-days** that were **publicly disclosed and/or actively exploited** prior to patch availability. Reported zero-days include `CVE-2026-21514` (Office Word security feature bypass), `CVE-2026-21513` (MSHTML security feature bypass), `CVE-2026-21510` (Windows Shell security feature bypass), `CVE-2026-21533` (Windows Remote Desktop Services elevation of privilege), `CVE-2026-21525` (Windows Remote Access Connection Manager DoS), and `CVE-2026-21519` (Desktop Window Manager elevation of privilege). The broader release spans common bug classes such as **RCE**, **EoP**, **information disclosure**, **spoofing**, **DoS**, and **security feature bypass**, with multiple **Critical** issues also called out, including Azure Compute Gallery flaws impacting *ACI Confidential Containers* (`CVE-2026-23655`, `CVE-2026-21522`). As part of the February Windows updates, Microsoft also began a **phased rollout of updated Secure Boot certificates** to replace the original **2011 certificates** ahead of their expiration in **late June 2026**, using “targeting data” and “successful update signals” to control deployment. Windows 11 cumulative updates (including **KB5077181** and **KB5075941**) were released as mandatory Patch Tuesday packages for supported Windows 11 versions, bundling the security fixes alongside additional reliability and feature changes. Separately, Adobe issued February security bulletins covering **44 CVEs** across multiple Creative Cloud products; those Adobe issues were not listed as publicly known or under active attack at release.

1 month ago