Windows 11: January 2026 Patch Tuesday and its 114 resolved vulnerabilities

Do you remember those moments when a simple update could transform your digital daily life? Microsoft opens 2026 with its first Patch Tuesday of the year, fixing an impressive number of vulnerabilities. What are these flaws and how do they affect your Windows experience? Let’s dive into the details of this crucial update.

The 3 must-know facts

  • Microsoft has fixed 114 vulnerabilities in Windows 11, including three zero-day flaws.
  • The vulnerability CVE-2026-20805, affecting Desktop Window Manager, is already being actively exploited.
  • The updates include fixes for critical components like Secure Boot and third-party drivers.

The identified zero-days

Microsoft has identified three zero-day vulnerabilities among the 114 fixed, the most urgent being CVE-2026-20805. This flaw affects the Desktop Window Manager, which is essential to Windows graphical display. Exploiting it requires local access to the machine, meaning the attacker must already have a foothold, for example through a compromised account. With that access, the attacker can read internal system information and potentially escalate privileges to perform more intrusive actions.

The second zero-day, CVE-2026-21265, concerns Secure Boot. This issue results from the gradual expiration of certificates issued in 2011. Although it does not immediately lead to an attack, a system left without the update has a weakened startup verification process. The January patches renew the certificates, keeping the system secure during startup.

Finally, CVE-2023-31096 affects the third-party Agere Soft Modem drivers delivered with Windows. It allows privilege escalation after initial access, giving the attacker administrator rights. Microsoft has removed the affected drivers, agrsm64.sys and agrsm.sys, thereby enhancing security.
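
To confirm on a given machine that the removed drivers are really gone, the following check can be run from an elevated PowerShell session. It is an added example, not code from the original article or from Microsoft; it assumes the default driver locations under %SystemRoot%, and the function names are hypothetical.

```powershell
# Added example: look for leftovers of the Agere Soft Modem drivers named in the article.
$driverNames = @('agrsm64.sys', 'agrsm.sys')

# Assumption: default Windows layout; these are the standard driver directories.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'System32\drivers'),
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
)

# Hypothetical helper: find matching files on disk and describe each one.
function Find-AgereDriverFile {
    param([string[]]$Roots, [string[]]$Names)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $Names -contains $_.Name } |   # -contains is case-insensitive
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                [pscustomobject]@{
                    Path    = $_.FullName
                    Version = $_.VersionInfo.FileVersion
                    Signer  = $sig.SignerCertificate.Subject
                    SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# Hypothetical helper: find kernel drivers still registered against those file names.
function Get-AgereDriverService {
    param([string[]]$Names)
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and ($Names -contains ($_.PathName -split '\\')[-1]) } |
        Select-Object Name, State, StartMode, PathName
}

$files    = @(Find-AgereDriverFile -Roots $searchRoots -Names $driverNames)
$services = @(Get-AgereDriverService -Names $driverNames)

if ($files.Count -eq 0 -and $services.Count -eq 0) {
    Write-Output 'No Agere Soft Modem driver files or registered drivers found.'
} else {
    # A hit means the removal has not taken effect here (or a copy was reintroduced).
    $files    | Format-List
    $services | Format-Table -AutoSize
}
```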

Other vulnerabilities fixed

Besides the zero-days, Microsoft addressed 111 other vulnerabilities, eight of which are considered critical. Privilege escalation is the most frequent category among these flaws, typical of attacks in which initial access is used to gain higher rights. Fixes have also been made for remote code execution, information disclosure, security feature bypass, denial of service, and spoofing.

Microsoft Office, notably Word and Excel, received several fixes for remote code execution vulnerabilities. On the Windows side, a critical flaw affects LSASS, a key authentication component. SharePoint has also been updated to fix remote code execution, information disclosure, and spoofing flaws.

Impact on the Windows system

The January update covers many system components, including the kernel, Win32K, kernel-mode drivers, NTFS, SMB Server, Kerberos, Hyper-V, and various management and deployment services. These fixes aim to reduce privilege escalation possibilities and limit attack surfaces, thereby strengthening the overall security of Windows systems.

It should be noted that this count of vulnerabilities only concerns those fixed as part of Patch Tuesday. Updates for Microsoft Edge and some earlier January releases are not included.

Background on Microsoft and Patch Tuesday

Patch Tuesday is a well-established tradition at Microsoft, first introduced in 2003. It is a monthly release, usually on the second Tuesday of each month, in which Microsoft publishes patches for its software. This process aims to maintain the security and stability of its products by addressing flaws discovered by security researchers and users. In 2026, with 114 vulnerabilities fixed during the first Patch Tuesday of the year, Microsoft continues to demonstrate its commitment to providing secure solutions to its users in an ever-evolving digital landscape.
