{"id":590,"date":"2026-01-14T07:01:02","date_gmt":"2026-01-14T07:01:02","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/"},"modified":"2026-01-14T07:01:02","modified_gmt":"2026-01-14T07:01:02","slug":"patch-tuesday-january-2026-edition","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/","title":{"rendered":"Patch Tuesday, January 2026 Edition"},"content":{"rendered":"
\n

Microsoft<\/strong> today issued patches to plug at least 113 security holes in its various Windows<\/strong> operating systems and supported software. Eight of the vulnerabilities earned Microsoft\u2019s most-dire \u201ccritical\u201d rating, and the company warns that attackers are already exploiting one of the bugs fixed today.<\/p>\n

\"\"<\/p>\n

January\u2019s Microsoft zero-day flaw \u2014 CVE-2026-20805<\/a> \u2014 is brought to us by a flaw in the Desktop Window Manager<\/strong> (DWM), a key component of Windows that organizes windows on a user\u2019s screen. Kev Breen<\/strong>, senior director of cyber threat research at Immersive<\/strong>, said despite awarding CVE-2026-20805 a middling CVSS score of 5.5, Microsoft has confirmed its active exploitation in the wild, indicating that threat actors are already leveraging this flaw against organizations.<\/p>\n

Breen said vulnerabilities of this kind are commonly used to undermine Address Space Layout Randomization<\/a> (ASLR), a core operating system security control designed to protect against buffer overflows and other memory-manipulation exploits.<\/p>\n

\u201cBy revealing where code resides in memory, this vulnerability can be chained with a separate code execution flaw, transforming a complex and unreliable exploit into a practical and repeatable attack,\u201d Breen said. \u201cMicrosoft has not disclosed which additional components may be involved in such an exploit chain, significantly limiting defenders\u2019 ability to proactively threat hunt for related activity. As a result, rapid patching currently remains the only effective mitigation.\u201d<\/p>\n

Chris Goettl<\/strong>, vice president of product management at Ivanti<\/strong>, observed that CVE-2026-20805 affects all currently supported and extended security update supported versions of the Windows OS. Goettl said it would be a mistake to dismiss the severity of this flaw based on its \u201cImportant\u201d rating and relatively low CVSS score.<\/p>\n

\u201cA risk-based prioritization methodology warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned,\u201d he said.<\/p>\n

Among the critical flaws patched this month are two Microsoft Office<\/strong> remote code execution bugs (CVE-2026-20952<\/a> and CVE-2026-20953<\/a>) that can be triggered just by viewing a booby-trapped message in the Preview Pane.<\/p>\n

Our October 2025 Patch Tuesday \u201cEnd of 10\u201d roundup<\/a> noted that Microsoft had removed a modem driver from all versions after it was discovered that hackers were abusing a vulnerability in it to hack into systems. Adam Barnett<\/strong> at Rapid7<\/strong> said Microsoft today removed another couple of modem drivers from Windows for a broadly similar reason: Microsoft is aware of functional exploit code for an elevation of privilege vulnerability in a very similar modem driver, tracked as CVE-2023-31096<\/a>.<\/span><\/p>\n

\u201cThat\u2019s not a typo; this vulnerability was originally published via MITRE over two years ago, along with a credible public writeup by the original researcher,\u201d Barnett said. \u201cToday\u2019s Windows patches remove agrsm64.sys and agrsm.sys. All three modem drivers were originally developed by the same now-defunct third party, and have been included in Windows for decades. These driver removals will pass unnoticed for most people, but you might find active modems still in a few contexts, including some industrial control systems.\u201d<\/p>\n

According to Barnett, two questions remain: How many more legacy modem drivers are still present on a fully-patched Windows asset; and how many more elevation-to-SYSTEM vulnerabilities will emerge from them before Microsoft cuts off attackers who have been enjoying \u201cliving off the land[line] by exploiting an entire class of dusty old device drivers?\u201d<\/p>\n

\u201cAlthough Microsoft doesn\u2019t claim evidence of exploitation for CVE-2023-31096, the relevant 2023 write-up and the 2025 removal of the other Agere modem driver have provided two strong signals for anyone looking for Windows exploits in the meantime,\u201d Barnett said. \u201cIn case you were wondering, there is no need to have a modem connected; the mere presence of the driver is enough to render an asset vulnerable.\u201d<\/p>\n

Immersive, Ivanti and Rapid7 all called attention to CVE-2026-21265<\/a>, which is a critical Security Feature Bypass vulnerability affecting Windows Secure Boot. This security feature is designed to protect against threats like rootkits and bootkits, and it relies on a set of certificates that are set to expire in June 2026 and October 2026. Once these 2011 certificates expire, Windows devices that do not have the new 2023 certificates can no longer receive Secure Boot security fixes.<\/p>\n

Barnett cautioned that when updating the bootloader and BIOS, it is essential to prepare fully ahead of time for the specific OS and BIOS combination you\u2019re working with, since incorrect remediation steps can lead to an unbootable system.<\/p>\n

\u201cFifteen years is a very long time indeed in information security, but the clock is running out on the Microsoft root certificates which have been signing essentially everything in the Secure Boot ecosystem since the days of Stuxnet,\u201d Barnett said. \u201cMicrosoft issued replacement certificates back in 2023, alongside CVE-2023-24932 which covered relevant Windows patches as well as subsequent steps to remediate the Secure Boot bypass exploited by the BlackLotus bootkit.\u201d<\/p>\n

Goettl noted that Mozilla<\/strong>\u00a0has released updates for Firefox<\/strong> and Firefox ESR<\/strong> resolving a total of 34 vulnerabilities, two of which are suspected to be exploited (CVE-2026-0891 and CVE-2026-0892). Both are resolved in Firefox 147 (MFSA2026-01) and CVE-2026-0891 is resolved in Firefox ESR 140.7 (MFSA2026-03).<\/p>\n

\u201cExpect Google Chrome<\/strong> and Microsoft Edge<\/strong> updates this week in addition to a high severity vulnerability in Chrome WebView that was resolved in the January 6 Chrome update (CVE-2026-0628),\u201d Goettl said.<\/p>\n

As ever, the SANS Internet Storm Center<\/a> has a per-patch breakdown by severity and urgency. Windows admins should keep an eye on askwoody.com<\/a> for any news about patches that don\u2019t quite play nice with everything. If you experience any issues related installing January\u2019s patches, please drop a line in the comments below.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft\u2019s most-dire \u201ccritical\u201d rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January\u2019s Microsoft zero-day flaw \u2014 CVE-2026-20805 \u2014 is brought to us […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[178,440,441,442,443,444,445,446,447,448,90,449,192,450,193,143,194,451,196,176,177],"tags":[91],"class_list":["post-590","post","type-post","status-publish","format-standard","hentry","category-adam-barnett","category-chris-goettl","category-cve-2023-31096","category-cve-2026-0628","category-cve-2026-0891","category-cve-2026-0892","category-cve-2026-20805","category-cve-2026-20952","category-cve-2026-20953","category-cve-2026-21265","category-cybersecurity","category-desktop-window-manager","category-immersive","category-ivanti","category-kev-breen","category-latest-warnings","category-microsoft-office","category-microsoft-patch-tuesday-january-2026","category-rapid7","category-the-coming-storm","category-time-to-patch","tag-cybersecurity"],"yoast_head":"\nPatch Tuesday, January 2026 Edition - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patch Tuesday, January 2026 Edition - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft\u2019s most-dire \u201ccritical\u201d rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January\u2019s Microsoft zero-day flaw \u2014 CVE-2026-20805 \u2014 is brought to us […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-14T07:01:02+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Patch Tuesday, January 2026 Edition\",\"datePublished\":\"2026-01-14T07:01:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/\"},\"wordCount\":925,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Adam Barnett\",\"Chris Goettl\",\"CVE-2023-31096\",\"CVE-2026-0628\",\"CVE-2026-0891\",\"CVE-2026-0892\",\"CVE-2026-20805\",\"CVE-2026-20952\",\"CVE-2026-20953\",\"CVE-2026-21265\",\"Cybersecurity\",\"Desktop Window Manager\",\"Immersive\",\"Ivanti\",\"Kev Breen\",\"Latest Warnings\",\"Microsoft Office\",\"Microsoft Patch Tuesday January 2026\",\"Rapid7\",\"The Coming Storm\",\"Time to Patch\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/\",\"name\":\"Patch Tuesday, January 2026 Edition - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png\",\"datePublished\":\"2026-01-14T07:01:02+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#primaryimage\",\"url\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png\",\"contentUrl\":\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patch Tuesday, January 2026 Edition\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Patch Tuesday, January 2026 Edition - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/","og_locale":"en_US","og_type":"article","og_title":"Patch Tuesday, January 2026 Edition - Imperative Business Ventures Limited","og_description":"Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft\u2019s most-dire \u201ccritical\u201d rating, and the company warns that attackers are already exploiting one of the bugs fixed today. January\u2019s Microsoft zero-day flaw \u2014 CVE-2026-20805 \u2014 is brought to us […]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-01-14T07:01:02+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Patch Tuesday, January 2026 Edition","datePublished":"2026-01-14T07:01:02+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/"},"wordCount":925,"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#primaryimage"},"thumbnailUrl":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png","keywords":["Cybersecurity"],"articleSection":["Adam Barnett","Chris Goettl","CVE-2023-31096","CVE-2026-0628","CVE-2026-0891","CVE-2026-0892","CVE-2026-20805","CVE-2026-20952","CVE-2026-20953","CVE-2026-21265","Cybersecurity","Desktop Window Manager","Immersive","Ivanti","Kev Breen","Latest Warnings","Microsoft Office","Microsoft Patch Tuesday January 2026","Rapid7","The Coming Storm","Time to Patch"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/","name":"Patch Tuesday, January 2026 Edition - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#primaryimage"},"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#primaryimage"},"thumbnailUrl":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png","datePublished":"2026-01-14T07:01:02+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#primaryimage","url":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png","contentUrl":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2021\/07\/windupate.png"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/01\/14\/patch-tuesday-january-2026-edition\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Patch Tuesday, January 2026 Edition"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/590","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=590"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/590\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}