Microsoft Patch Tuesday update - January 2026

Microsoft’s January 2026 Patch Tuesday update was released with critical security fixes, performance improvements, and stability updates for Windows 11, Windows 10, and Windows Server. This month’s release is a large security rollout that addresses:

  • 114 security vulnerabilities across Microsoft’s product ecosystem
  • 3 zero‑day vulnerabilities (publicly disclosed, including one legacy CVE refreshed in this update)
  • 12 Critical‑rated flaws, mostly Remote Code Execution (RCE) vulnerabilities
  • A strong focus on Elevation of Privilege (EoP) bugs in core Windows components

For Windows 11 and Windows 10 users, this Patch Tuesday is primarily focused on hardening security rather than a feature‑heavy update. It closes multiple attack paths involving LSASS, Windows kernel, SMB Server, Office, Excel, and SharePoint.

January 2026 Patch Summary at a Glance

  • Total vulnerabilities patched: Microsoft patched 114 security vulnerabilities across its Windows operating systems and supported software.
  • Zero‑day vulnerabilities: 3
    • CVE‑2026‑20805 – Desktop Window Manager (DWM)
    • CVE‑2026‑21265 – Windows Digital Media
    • CVE‑2023‑31096 – Legacy Windows driver EoP (re‑surfaced in this rollup)
  • Critical vulnerabilities: 12 Critical‑rated, mainly RCE in Windows and Microsoft Office
  • Patch release date: January 13, 2026 (second Tuesday of the month)

These updates are available through Windows Update, WSUS, SCCM, and the Microsoft Update Catalog.

What is the Patch Tuesday Update?

Microsoft Patch Tuesday (also called Update Tuesday) occurs on the second Tuesday of every month. On this day, Microsoft releases:

  • Security updates to fix vulnerabilities
  • Quality updates to fix bugs, improve stability and performance

Vulnerability vs. bug:

  • A vulnerability is a weakness or flaw that attackers can exploit to gain unauthorized access, execute code, steal data, or disrupt services.
  • A bug is an error or defect that causes software to behave unexpectedly. Some bugs also create vulnerabilities.

What is a security update?

A security update (or patch) is a piece of code that fixes or mitigates one or more vulnerabilities or bugs.

Microsoft rates vulnerabilities with four severity levels:

  • Critical: Could allow remote code execution without user interaction and lead to full system compromise.
  • Important: Could compromise data or functionality, usually requires some user interaction or specific conditions.
  • Moderate: Less likely to be exploited but still has security impact.
  • Low: Very unlikely to be exploited and minimal impact.

January 2026 focuses heavily on Critical and Important vulnerabilities in Windows, Office, and related services.

Zero‑Day Vulnerabilities Fixed in January 2026

Microsoft’s January 2026 Patch Tuesday includes fixes for three zero‑day vulnerabilities: flaws that were publicly disclosed before patches were available. None were reported as actively exploited at release time, but they still deserve high priority.

1. CVE‑2026‑20805 – Desktop Window Manager (DWM) – Information Disclosure

  • Component: Desktop Window Manager (DWM)
  • Type: Information Disclosure
  • Severity: Important (rated high severity by third‑party researchers)
  • Risk: Could allow unauthorized access to sensitive system information.

This vulnerability is particularly concerning for workstations handling confidential or regulated data. While it does not directly grant code execution, the leaked information can help attackers refine other exploits.

2. CVE‑2026‑21265 – Windows Digital Media – Elevation of Privilege

  • Component: Windows Digital Media
  • Type: Elevation of Privilege (EoP)
  • Risk: Lets a local attacker escalate privileges and gain higher‑level access.

Attackers typically combine this kind of EoP vulnerability with other bugs (for example, a browser or Office exploit) to move from a normal user context to SYSTEM‑level control.

3. CVE‑2023‑31096 – Legacy EoP Vulnerability Re‑surfaced

  • Component: Windows Agere Soft Modem Driver
  • Type: Elevation of Privilege
  • Note: Although this CVE was originally assigned earlier, it appears again in the January 2026 cumulative updates.

Its inclusion suggests Microsoft discovered additional attack paths or affected configurations that also required patching in this month’s rollup.

Critical Remote Code Execution (RCE) Vulnerabilities

January 2026 includes 12 Critical‑rated vulnerabilities, many of them Remote Code Execution issues that allow attackers to execute arbitrary code.

LSASS Remote Code Execution – CVE‑2026‑20854

One of the most serious bugs this month is CVE‑2026‑20854:

  • Component: Windows Local Security Authority Subsystem Service (LSASS)
  • Type: Remote Code Execution (use‑after‑free)
  • Severity: Critical
  • Attack vector: Exploitable over the network

LSASS is responsible for authentication and credential management in Windows. Successfully exploiting this flaw could:

  • Allow attackers to steal credentials
  • Enable lateral movement inside the network
  • Potentially lead to full domain compromise, especially on domain controllers

Systems running Windows 10, Windows 11, and Windows Server that handle authentication requests should prioritize this patch.

Microsoft Office and Excel RCE Vulnerabilities

Multiple Critical flaws affect Microsoft Office, Word, and Excel, making them high‑risk for email‑based attacks.

Some of the key issues include:

  • CVE‑2026‑20944 – Microsoft Word RCE (out‑of‑bounds read)
  • CVE‑2026‑20952 – Microsoft Office RCE (use‑after‑free)
  • CVE‑2026‑20953 – Microsoft Office RCE
  • CVE‑2026‑20955 – Microsoft Excel RCE (pointer manipulation)
  • CVE‑2026‑20957 – Microsoft Excel RCE (integer underflow)
  • CVE‑2026‑20946 – Microsoft Excel RCE

Attack scenario:

  • A user opens or previews a malicious Word or Excel document, often delivered via phishing email.
  • The exploit triggers, allowing attackers to run code under the user’s context.
  • Combined with EoP vulnerabilities, this can lead to full takeover of the system.

Keeping Office and Outlook updated is just as important as updating Windows itself.

Other Notable Critical RCE Issues

January 2026 also includes RCE vulnerabilities in:

  • Windows NTFS (CVE‑2026‑20840, CVE‑2026‑20922)
  • Windows Media (CVE‑2026‑20837)
  • Windows Deployment Services – WDS (CVE‑2026‑0386)
  • Windows Server Update Services – WSUS (CVE‑2026‑20856)
  • Windows Routing and Remote Access Service – RRAS (CVE‑2026‑20868)
  • Microsoft SharePoint Server (CVE‑2026‑20947, CVE‑2026‑20956)

In enterprise environments, services like WSUS, RRAS, HTTP.sys, and SharePoint are often network‑reachable and therefore high‑value targets. These should be patched quickly, especially if exposed to the internet.

Elevation of Privilege (EoP) – The Bulk of January’s Fixes

Out of the 114 vulnerabilities fixed in January 2026, 57 are Elevation of Privilege (EoP) issues.

These don’t usually provide initial access on their own, but once attackers gain a foothold (via phishing, malicious documents, or browser exploits), they use EoP bugs to:

  • Escalate from standard user to SYSTEM
  • Disable security solutions
  • Install ransomware or persistent backdoors
  • Move laterally inside the network

Notable EoP areas include:

  • Windows kernel and kernel‑mode drivers
    • Examples: CVE‑2026‑20809, CVE‑2026‑20859
  • Windows Management Services
    • CVE‑2026‑20858, 20865, 20877, 20918, 20923, 20924, 20861, 20866, 20867, 20873, 20874, etc.
  • Win32k subsystem
    • CVE‑2026‑20811, CVE‑2026‑20920, CVE‑2026‑20863
  • Windows SMB Server
    • CVE‑2026‑20919, 20921, 20926, 20934, 20848
  • Local Session Manager (LSM)
    • CVE‑2026‑20869
  • Cloud Files Mini Filter Driver
    • CVE‑2026‑20857, CVE‑2026‑20940

“While remote code execution flaws steal the headlines, the majority of January 2026 patches are privilege‑escalation bugs. Attackers typically chain these with phishing or document exploits to gain full control over Windows 10 and Windows 11 devices.”

Beyond RCE and EoP, Microsoft also fixed:

These vulnerabilities can expose sensitive data or internal system details, which attackers can later weaponize. Affected components include:

  • File Explorer (CVE‑2026‑20823, CVE‑2026‑20932, CVE‑2026‑20937, CVE‑2026‑20939)
  • Virtualization‑Based Security (VBS) (CVE‑2026‑20876, CVE‑2026‑20935)
  • Remote Procedure Call (RPC) (CVE‑2026‑20821)
  • TPM Trustlet (CVE‑2026‑20829)
  • NTFS and Client‑Side Caching (CSC) (CVE‑2026‑20840, CVE‑2026‑20839)
  • Windows NDIS (CVE‑2026‑20936)
  • Microsoft DRTM / Secure boot‑related components (CVE‑2026‑20962)

Security Feature Bypass (3 CVEs)

  • CVE‑2026‑21265 – Secure Boot Certificate Expiration
  • CVE‑2026‑20824 – Windows Remote Assistance Security Feature Bypass
  • Other bypasses affecting how protections are enforced

These vulnerabilities can allow attackers to circumvent security controls without triggering normal defenses.

Spoofing and Tampering

  • Spoofing: CVE‑2026‑20834, CVE‑2026‑20847, CVE‑2026‑20925, CVE‑2026‑20872, CVE‑2026‑20951
  • Tampering: CVE‑2026‑20804, CVE‑2026‑20812, CVE‑2026‑20852

These issues can be used for phishing, identity spoofing, or compromising the integrity of authentication mechanisms such as Windows Hello and NTLM.

What’s New for Windows 11 and Windows 10 in January 2026?

Unlike some previous months, January 2026 is primarily a security‑focused release. There are no major feature additions comparable to past File Explorer or Start menu redesigns. However, users still benefit from:

  • Stability and reliability improvements in core Windows components
  • Fixes for crashes, performance bottlenecks, and driver issues
  • Updates that strengthen authentication, virtualization, and file‑system security

For Windows 11, cumulative updates are released for supported versions, such as KB5074109 for 24H2 / 25H2, which includes:

  • Security fixes mentioned above (LSASS, VBS, kernel, NTFS, File Explorer, etc.)
  • Reliability updates for system components and services
  • Under‑the‑hood changes to improve update servicing and compatibility


For Windows 10, official support has largely ended for most consumers, but organizations or users enrolled in the Windows 10 Extended Security Updates (ESU) program continue to receive security patches.

  • ESU‑enrolled Windows 10 devices receive the January 2026 cumulative update, KB5073724.
  • After installing the update, systems move to the latest build 19045.6809 with all January security fixes

These updates also include servicing stack improvements to ensure future updates install more reliably.
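
To confirm a device has reached the patch level described above, the following PowerShell check is an added example, not code from Microsoft or from the original article. It uses the KB numbers and the Windows 10 build given here; the Windows 11 build numbers 26100 (24H2) and 26200 (25H2) and the helper name Test-HotFixPresent are assumptions not stated in the article.

```powershell
# Added example (not from the article): check the local January 2026 patch level.
# From the article: KB5074109 (Windows 11 24H2 / 25H2), KB5073724 and
# build 19045.6809 (Windows 10 ESU).
# Assumption not stated in the article: 26100 = 24H2 and 26200 = 25H2.

function Test-HotFixPresent {
    param([Parameter(Mandatory)][string]$KbId)
    # Get-HotFix reports an error when the KB is absent; suppress it and test the result.
    [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuild   # OS build, e.g. 19045
$ubr   = [int]$cv.UBR            # update build revision, e.g. 6809

if ($build -eq 19045) {
    # Cumulative updates only raise the revision, so a numeric comparison
    # also accepts any later cumulative update.
    $patched  = $ubr -ge 6809
    $evidence = 'revision compared with 19045.6809'
}
elseif ($build -in 26100, 26200) {
    # The article gives no target revision for Windows 11, so look for the KB.
    # A later cumulative update supersedes KB5074109 and can hide it from
    # Get-HotFix; treat "not listed" as "needs review", not proof of exposure.
    $patched = Test-HotFixPresent -KbId 'KB5074109'
    if ($patched) {
        $evidence = 'KB5074109 installed'
    }
    else {
        $evidence = 'KB5074109 not listed; check for a later cumulative update'
    }
}
else {
    $patched  = $null
    $evidence = 'build not covered by the KBs named in the article'
}

# Emit one object per machine so results can be collected or exported.
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Build        = '{0}.{1}' -f $build, $ubr
    Patched      = $patched
    Evidence     = $evidence
}
```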

How to Download and Install the January 2026 Security Updates

You can install the January 2026 Patch Tuesday updates using:

  • Windows Update (Settings > Windows Update > Check for updates)
  • Microsoft Update Catalog (for offline installers)
  • Windows Server Update Services (WSUS)
  • System Center Configuration Manager (SCCM) / Microsoft Endpoint Configuration Manager

For manual installation, Microsoft typically publishes offline installers such as:

You can also:

If you encounter issues (updates stuck at a certain percentage, error codes during installation, etc.), refer to your Windows 11 Update troubleshooting guide to fix common problems.

FAQ on Patch Tuesday update

What is Patch Tuesday?
Patch Tuesday is Microsoft’s monthly update event, held on the second Tuesday of every month, when the company releases security and quality updates for its products.

When is Patch Tuesday?
Patch Tuesday falls on the second Tuesday of each month. In 2026, the January Patch Tuesday was on January 13, 2026.

What is patching, and why is it important?
Patching means applying software updates that fix bugs and vulnerabilities. Unpatched systems are easy targets for malware, ransomware, and data breaches.

What kind of patch updates are released during Patch Tuesday?
Microsoft releases mainly security updates, rated as Critical, Important, Moderate, or Low based on severity and impact.

What are CVE IDs?
CVE (Common Vulnerabilities and Exposures) IDs are standardized identifiers used to catalog publicly disclosed security vulnerabilities in the National Vulnerability Database (NVD) and other security databases.

Steve Ballmer
With over 7 years of experience in the IT industry, I have experience in IT support, helpdesk, sysadmin, network admin, and cloud computing. Certified in Microsoft Technologies (MCTS and MCSA) and also Cisco Certified Professional in Routing and Switching.