Microsoft Patch Tuesday – January 2026

Today marks Microsoft Patch Tuesday for January 2026, addressing 112 vulnerabilities. Notably, there is an actively exploited zero-day vulnerability, but it requires the attacker to be a local authorized user, which may reduce its severity.

In 2026, several Microsoft Secure Boot certificates are set to expire. If they are not updated, attackers could potentially bypass Secure Boot once these certificates expire.

Notable Patch Tuesday vulnerabilities for January

  • CVE-2026-20805: An authorized local attacker could retrieve sensitive information by exploiting a vulnerability in the Desktop Window Manager. This zero-day vulnerability is actively being exploited.
  • CVE-2023-31096: There are multiple vulnerabilities in the third-party Agere Soft Modem drivers included with Windows. This month’s updates remove these drivers.

For more detailed information on these and other vulnerabilities, please refer to the release notes: https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan


About the Author

Marcus White, Cybersecurity Specialist, Outpost24

Marcus is an Outpost24 cybersecurity specialist based in the UK, with 8+ years of experience in the tech and cyber sectors. He writes about attack surface management, application security, threat intelligence, and compliance.