**Patch Tuesday, January 2026 Edition**
The January Patch Tuesday update has brought significant security enhancements to Microsoft's Windows operating systems and supported software, addressing no fewer than **113 vulnerabilities** across various products. Among these vulnerabilities, eight have earned the most-dire "critical" rating from Microsoft, with one bug already being exploited in the wild.
### The Most Critical Flaw: CVE-2026-20805
A critical flaw exists within the Desktop Window Manager (DWM), a fundamental component of Windows responsible for organizing windows on a user's screen. This vulnerability, known as CVE-2026-20805, has been confirmed to be actively exploited by attackers.
**Kev Breen, Senior Director of Cyber Threat Research at Immersive**, explained that despite the relatively low CVSS score of 5.5, Microsoft's confirmation of active exploitation underscores the potential severity of this flaw.
"Vulnerabilities like CVE-2026-20805 are commonly used to undermine Address Space Layout Randomization (ASLR), a core operating system security control designed to protect against buffer overflows and other memory-manipulation exploits," Breen noted. "By revealing where code resides in memory, this vulnerability can be chained with a separate code execution flaw, transforming a complex and unreliable exploit into a practical and repeatable attack."
Breen emphasized that rapid patching remains the most effective mitigation for CVE-2026-20805, due to the limited information available on potential exploit chains involving additional components.
### Other Critical Vulnerabilities
Among the critical flaws patched this month are two Microsoft Office remote code execution bugs (CVE-2026-20952 and CVE-2026-20953) that can be triggered simply by viewing a booby-trapped message in the Preview Pane. These vulnerabilities highlight the need for vigilance, even with seemingly innocuous actions.
### Legacy Modem Drivers Removed
Microsoft has also removed another couple of modem drivers from Windows due to concerns over their security. **Adam Barnett at Rapid7** noted that these driver removals are reminiscent of the October 2025 Patch Tuesday roundup, where a modem driver was removed due to its vulnerability to hacking.
"That's not a typo; this vulnerability was originally published via MITRE over two years ago, along with a credible public writeup by the original researcher," Barnett said. "Today's Windows patches remove agrsm64.sys and agrsm.sys. All three modem drivers were originally developed by the same now-defunct third party, and have been included in Windows for decades."
### Secure Boot Vulnerability
A critical Security Feature Bypass vulnerability affecting Windows Secure Boot has also been addressed (CVE-2026-21265). This security feature is designed to protect against threats like rootkits and bootkits, relying on a set of certificates that are set to expire in June 2026 and October 2026.
**Barnett cautioned that updating the bootloader and BIOS requires careful planning**, as incorrect remediation steps can lead to an unbootable system. "Fifteen years is a very long time indeed in information security, but the clock is running out on the Microsoft root certificates which have been signing essentially everything in the Secure Boot ecosystem since the days of Stuxnet," Barnett noted.
### Browser Vulnerabilities
Mozilla has released updates for Firefox and Firefox ESR resolving a total of 34 vulnerabilities, two of which are suspected to be exploited (CVE-2026-0891 and CVE-2026-0892). Similarly, Google Chrome and Microsoft Edge updates are expected this week, along with a high-severity vulnerability in Chrome WebView resolved in the January 6 Chrome update.
### Action Items
* Windows admins should review the per-patch breakdown by severity and urgency provided by the SANS Internet Storm Center. * Keep an eye on askwoody.com for news about patches that don't quite play nice with everything. * If you experience any issues related to installing January's patches, please drop a line in the comments below.
This Patch Tuesday update underscores the importance of ongoing vigilance and attention to security updates. It is crucial for organizations to prioritize patching, especially when dealing with critical vulnerabilities like CVE-2026-20805.