Overview
- Microsoft’s January 2026 Patch Tuesday delivers fixes for roughly 112–114 vulnerabilities across Windows, Office and server products, with Windows Update set to install them by default.
- CVE-2026-20805 in Desktop Window Manager is under active exploitation, leaking ALPC-related memory on Windows 10, Windows 11 and multiple Server versions, which can aid multi‑stage attacks.
- Office receives multiple critical remote code execution patches, including flaws in Excel and SharePoint, with some attacks possible through the preview pane without opening a file.
- Longstanding elevation-of-privilege risks in legacy Agere and Motorola softmodem drivers are addressed by removing those drivers, and admins must renew Secure Boot certificates tied to CVE-2026-21265 before June 2026 to avoid update blocks.
- Microsoft confirms post-update credential prompt errors in the Windows app for Remote Desktop affecting Azure Virtual Desktop and Windows 365, and advises using the standalone Remote Desktop client or the web app as temporary workarounds.