*Stormcast* Recap: Microsoft's January 2026 *Patch Tuesday* Addresses 113 Vulnerabilities, Including Active Exploits

The Stormcast episode from the SANS Internet Storm Center on Wednesday, January 14, 2026, presented by Johannes Ullrich from Jacksonville, Florida, covers Microsoft's Patch Tuesday for January 2026. This update addresses 113 vulnerabilities, including 8 critical flaws and 1 already exploited in the wild. Notable vulnerabilities include a Secure Boot issue tied to certificate expiration, requiring certificate rotation, and an LPC port vulnerability (Windows RPC mechanism) exploited for information disclosure, classified as important by Microsoft. Critical vulnerabilities include RCE flaws in Microsoft Office (Word, Excel) and Lsass, the latter requiring prior authentication. Adobe also released patches for 5 products, including ColdFusion (arbitrary file upload vulnerability) and Acrobat Reader (2 RCE flaws). Fortinet fixed two vulnerabilities: a heap-based buffer overflow in FortiOS and FortiSwitch Manager (unauthenticated code execution) and an SSRF flaw in its sandbox interface. A new attack technique, dubbed consent phish, is highlighted: it exploits OAuth tokens by tricking victims into copying and pasting a URL containing credentials after legitimate authentication, bypassing redirect URI restrictions.