Microsoft January 2026 Patch Tuesday Fixes 3 Zero-days, 114 Flaws - Full Analysis

Today is Microsoft's January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.

This Patch Tuesday also addresses eight "Critical" vulnerabilities, six of which are remote code execution flaws and two of which are elevation-of-privilege flaws.

The number of bugs in each vulnerability category is listed below:

When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include Microsoft Edge (1 flaw) and Mariner vulnerabilities fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5074109 & KB5073455 cumulative updates and Windows 10 KB5073724 extended security update.

This month's Patch Tuesday fixes one actively exploited and two publicly disclosed zero-day vulnerabilities.

Microsoft classifies a flaw as a zero-day if it is publicly disclosed or actively exploited while no official fix is available.

CVE-2026-20805 - Desktop Window Manager Information Disclosure Vulnerability

Microsoft has patched an actively exploited information disclosure flaw in the Desktop Window Manager.

"Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally," explains Microsoft.

Source: BleepingComputer