Microsoft Patch Tuesday Fixes 112 Flaws, Includes SharePoint and Windows

Microsoft’s first Patch Tuesday of 2026 addressed 112 vulnerabilities across Windows, Office, Azure, Edge, SharePoint, SQL Server, and several core Windows services.

When third-party Chromium fixes are included, the total climbs to 114 CVEs.

The January release includes eight flaws rated Critical, with the remaining issues classified as Important, a combination that security teams say requires urgent patching.

The standout issue this month is CVE-2026-20805, an information disclosure vulnerability in Windows Desktop Window Manager (DWM). The bug allows attackers with local access to leak small portions of memory, which can weaken system defenses and make other attacks more reliable.

The bug carries a CVSS score of 5.5, which may look modest on paper. But researchers warn its real-world impact is far more serious. The US Cybersecurity and Infrastructure Security Agency (CISA) has now added the flaw to its Known Exploited Vulnerabilities Catalog.

Beyond the exploited flaw, Microsoft highlighted several other serious issues in this month’s release. The most severe vulnerabilities include:

  • CVE-2026-20947 and CVE-2026-20963, both affecting Microsoft Office SharePoint
  • CVE-2026-20868, impacting Windows Routing and Remote Access Service
  • CVE-2026-20952 and CVE-2026-20955, affecting Microsoft Office
  • CVE-2026-20944, impacting Microsoft Office Word

Microsoft also flagged eight vulnerabilities with CVSS scores of 7.8 as “exploitation more likely,” signaling increased risk even if active attacks have not yet been observed.

Secure Boot certificates raise another warning

January’s patches also draw renewed attention to the Secure Boot certificate expiration, tracked as CVE-2026-21265.

Microsoft warned that Secure Boot certificates issued in 2011 will begin expiring later this year. Systems that are not updated in time could stop trusting new boot loaders—or fail to receive future security updates.

Unlike most vulnerabilities, this one isn’t about immediate exploitation. Instead, ignoring it could leave systems unprotected or unpatchable later in 2026.

Legacy drivers finally shown the door

Microsoft also used this Patch Tuesday to clean up long-standing legacy risks.

As part of the January updates, the company removed outdated Agere and Motorola Soft Modem drivers linked to older elevation-of-privilege vulnerabilities. These drivers have been end-of-life for years, but were still shipping with Windows. For most users, the change will go unnoticed. However, organizations relying on legacy hardware may need to make adjustments.

With confirmed exploitation already underway, security teams are being urged to patch quickly, especially for Desktop Window Manager, SharePoint, and Windows networking services. Limiting local access, enforcing least-privilege policies, and monitoring for unusual activity can also reduce risk until patches are fully deployed.

The full list of vulnerabilities fixed in Microsoft’s January 2026 Patch Tuesday is available from the Microsoft Security Response Center.

Also read: A critical Zoom vulnerability put Windows users at risk, and Zoom has released a patch that organizations should apply immediately.
