Microsoft Releases January 2026 Patch Tuesday Fixes for 113 Vulnerabilities, Including Actively Exploited Zero-Day
LatestWarningsTheComingStormTimeToPatchAdamBarnettChrisGoettlCVE-2023-31096CVE-2026-0628CVE-2026-0891CVE-2026-0892CVE-2026-20805CVE-2026-20952CVE-2026-20953CVE-2026-21265DesktopWindowManagerImmersiveIvantiKevBreenMicrosoftOfficeMicrosoftPatchTuesdayJanuary2026Rapid7
On January 14, 2026, Microsoft released patches for 113 vulnerabilities affecting its supported Windows operating systems and software. Eight of these flaws are classified as critical, including one (unspecified) that is already being actively exploited by attackers. Among the patched CVEs are CVE-2026-0628, CVE-2026-0891, CVE-2026-0892, CVE-2026-20805, CVE-2026-20952, CVE-2026-20953, and CVE-2026-21265, as well as components like Desktop Window Manager and Microsoft Office. The updates also cover third-party products, including Ivanti. No additional details on technical impacts or attack vectors have been provided.