Microsoft January 2026 Patch Tuesday Fixes 114 Flaws, Including 3 Zero-Days

CVE-2026-20822Windows Graphics Component Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20876Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20944Microsoft Word Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20953Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20955Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20854Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20952Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20957Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20962Dynamic Root of Trust for Measurement (DRTM) Information Disclosure VulnerabilityInformation DisclosureCVE-2026-21265Secure Boot Certificate Expiration Security Feature Bypass VulnerabilitySecurity Feature BypassCVE-2026-0386Windows Deployment Services Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20803Microsoft SQL Server Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20965Windows Admin Center Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20804Windows Hello Tampering VulnerabilityTamperingCVE-2026-20805Desktop Window Manager Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20808Windows File Explorer Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20809Windows Kernel Memory Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20810Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20811Win32k Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20812LDAP Tampering VulnerabilityTamperingCVE-2026-20814DirectX Graphics Kernel Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20815Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20816Windows Installer Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20817Windows Error Reporting Service Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20818Windows Kernel Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20819Windows Virtualization-Based Security (VBS) Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20820Windows Common Log File System Driver Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20821Remote Procedure Call Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20823Windows File Explorer Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20824Windows Remote Assistance Security Feature Bypass VulnerabilitySecurity Feature BypassCVE-2026-20825Windows Hyper-V Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20826Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure VulnerabilityElevation of PrivilegeCVE-2026-20827Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20828Windows rndismp6.sys Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20829TPM Trustlet Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20831Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20832Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20833Windows Kerberos Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20834Windows Spoofing VulnerabilitySpoofingCVE-2026-20835Capability Access Management Service (camsvc) Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20836DirectX Graphics Kernel Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20837Windows Media Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20838Windows Kernel Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20839Windows Client-Side Caching (CSC) Service Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20840Windows NTFS Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20842Microsoft DWM Core Library Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20844Windows Clipboard Server Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2023-31096Windows Agere Soft Modem Driver Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20847Microsoft Windows File Explorer Spoofing VulnerabilitySpoofingCVE-2026-20851Capability Access Management Service (camsvc) Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20852Windows Hello Tampering VulnerabilityTamperingCVE-2026-20856Windows Server Update Service (WSUS) Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20857Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20858Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20859Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20860Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20864Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20865Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20869Windows Local Session Manager (LSM) Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20875Windows Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityDenial of ServiceCVE-2026-20877Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20918Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20919Windows SMB Server Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20920Win32k Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20921Windows SMB Server Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20922Windows NTFS Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20923Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20924Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20925NTLM Hash Disclosure Spoofing VulnerabilitySpoofingCVE-2026-20926Windows SMB Server Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20927Windows SMB Server Denial of Service VulnerabilityDenial of ServiceCVE-2026-20932Windows File Explorer Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20934Windows SMB Server Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20938Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20940Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20943Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityRemote Code ExecutionCVE-2026-20946Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20951Microsoft SharePoint Server Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20956Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20959Microsoft SharePoint Server Spoofing VulnerabilitySpoofingCVE-2026-20963Microsoft SharePoint Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20830Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-21221Capability Access Management Service (camsvc) Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-21224Azure Connected Machine Agent Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20947Microsoft SharePoint Server Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20843Windows Routing and Remote Access Service (RRAS) Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20848Windows SMB Server Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20849Windows Kerberos Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20853Windows WalletService Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-21219Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20861Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20862Windows Management Services Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20863Win32k Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20866Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20867Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20868Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20870Windows Win32 Kernel Subsystem Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20871Desktop Windows Manager Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20872NTLM Hash Disclosure Spoofing VulnerabilitySpoofingCVE-2026-20873Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20874Windows Management Services Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2024-55414Windows Motorola Soft Modem Driver Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20929Windows HTTP.sys Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20931Windows Telephony Service Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20935Windows Virtualization-Based Security (VBS) Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20936Windows NDIS Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20937Windows File Explorer Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20939Windows File Explorer Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20948Microsoft Word Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20949Microsoft Excel Security Feature Bypass VulnerabilitySecurity Feature BypassCVE-2026-20950Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCVE-2026-20958Microsoft SharePoint Information Disclosure VulnerabilityInformation DisclosureCVE-2026-20941Host Process for Windows Tasks Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-21226Azure Core shared client library for Python Remote Code Execution VulnerabilityRemote Code Execution