Microsoft Releases January 2026 Security Updates

Scheduled updates for Microsoft products address 112 vulnerabilities, including an exploited information disclosure vulnerability and 2 others that have been publicly disclosed

Threat ID:: CC-4735
Threat Severity:: Medium
Published:: 14 January 2026 1:27 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products address 112 vulnerabilities, including an exploited information disclosure vulnerability and 2 others that have been publicly disclosed

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

Microsoft Office

The following platforms are also known to be affected:

Multiple other Microsoft platforms. Please see Microsoft's January 2026 Security Update guide for full details.

Threat details

Microsoft has reported exploitation for CVE-2026-20805

NHS England National CSOC assesses future exploitation as likely.

Introduction

Microsoft has released security updates to address 112 vulnerabilities in Microsoft products, including the 3 vulnerabilities highlighted below.

Vulnerability details

Exploited vulnerability:

CVE-2026-20805 - Desktop Window Manager Information Disclosure Vulnerability - CVSSv3 score: 5.5

Publicly disclosed vulnerabilities:

CVE-2026-21265 - Secure Boot Certificate Expiration Security Feature Bypass Vulnerability - CVSSv3 score: 6.4
CVE-2023-31096 - Windows Agere Soft Modem Driver Elevation of Privilege Vulnerability - CVSScv3 score: 7.8

Remediation advice

Affected organisations are encouraged to review Microsoft's January 2026 Security Updates and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan

CVE Vulnerabilities

Status Published

CVE-2026-20805

Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.

Status Published

CVE-2026-21265

Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees. Certificate Authority (CA) Location Purpose Expiration Date Microsoft Corporation KEK CA 2011 KEK Signs updates to the DB and DBX 06/24/2026 Microsoft Corporation UEFI CA 2011 DB Signs 3rd party boot loaders, Option ROMs, etc. 06/27/2026 Microsoft Windows Production PCA 2011 DB Signs the Windows Boot Manager 10/19/2026 For more information see this CVE and Windows Secure Boot certificate expiration and CA updates.

Status Published

CVE-2023-31096

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns.

Last edited: 14 January 2026 1:28 pm