Patch Tuesday, January 2026 Edition – Krebs on Security
https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/
Publish Date: 2026-01-13 21:45:57
Source Domain: krebsonsecurity.com
Microsoft’s January Patch Tuesday addressed 113 security vulnerabilities, eight of which were rated “critical.” The flaws range from Windows components to Microsoft Office and legacy modem drivers. One particularly concerning flaw, CVE-2026-20805 in the Desktop Window Manager, has already been actively exploited by attackers. It threatens to undermine secure memory layout techniques and can be chained with other exploits for more severe attacks. Remote code execution vulnerabilities in Microsoft Office also pose a significant risk, because they could let attackers execute malicious code when a compromised file is simply opened. Microsoft has also taken the drastic step of removing legacy modem drivers because of ongoing active exploitation risks. Finally, changes are coming to Windows Secure Boot, as existing certificates that have been in use for over a decade are set to expire.
Key Points:
– Microsoft issued patches for 113 vulnerabilities in Windows and other software, eight of which are critical.
– The vulnerabilities include a currently exploited flaw in the Desktop Window Manager, deemed highly risky because it can assist in memory-manipulation exploits.
– Critical remote code execution vulnerabilities in Microsoft Office pose serious threats, potentially enabling attackers to execute harmful code via ordinary file interactions.
– Removal of legacy modem drivers highlights ongoing security risks from long-standing technologies.
– Attention is required for upcoming changes to Windows Secure Boot security as old certificates approach expiration, impacting future security updates.