January 2026 Microsoft Patch Tuesday Summary

    Published: 2026-01-13. Last Updated: 2026-01-13 19:05:41 UTC
    by Johannes Ullrich (Version: 1)
    0 comment(s)

    Today, Microsoft released patches for 113 vulnerabilities. One of these vulnerabilities affected the Edge browser and was patched upstream by Chromium.

    Eight of the vulnerabilities are rated critical. One has been disclosed before today, and one is already being exploited. Five of the critical vulnerabilities affect Microsoft Office components.

    Noteworthy Vulnerabilities

    CVE-2026-20854: A remote code execution vulnerability in LSASS. This brings back memories from hallmark Windows security events like the Blaster worm. However, in this case, the attacker must be authenticated. But the attacker does not need elevated privileges. Microsoft considers exploitation less likely. 

    CVE-2026-20805: This is an information disclosure vulnerability in the Desktop Windows Manager, and it is already being exploited. The vulnerability can be used to identify the section address from a remote ALPC port. 

    CVE-2026-21265: Secure boot may not recognize an expired certificate. This problem was already disclosed, but so far hasn't been exploited.

    Description
    CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
    Azure Connected Machine Agent Elevation of Privilege Vulnerability
    CVE-2026-21224 No No - - Important 7.8 6.8
    Azure Core shared client library for Python Remote Code Execution Vulnerability
    CVE-2026-21226 No No - - Important 7.5 6.5
    Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
    CVE-2026-20815 No No - - Important 7.0 6.1
    CVE-2026-20830 No No - - Important 7.0 6.1
    CVE-2026-21221 No No - - Important 7.0 6.1
    Capability Access Management Service (camsvc) Information Disclosure Vulnerability
    CVE-2026-20835 No No - - Important 5.5 4.8
    CVE-2026-20851 No No - - Important 6.2 5.4
    Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag
    CVE-2026-0628 No No - - -    
    Desktop Window Manager Information Disclosure Vulnerability
    CVE-2026-20805 No Yes - - Important 5.5 4.8
    Desktop Windows Manager Elevation of Privilege Vulnerability
    CVE-2026-20871 No No - - Important 7.8 6.8
    DirectX Graphics Kernel Elevation of Privilege Vulnerability
    CVE-2026-20814 No No - - Important 7.0 6.1
    CVE-2026-20836 No No - - Important 7.0 6.1
    Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability
    CVE-2026-20962 No No - - Important 4.4 3.9
    Host Process for Windows Tasks Elevation of Privilege Vulnerability
    CVE-2026-20941 No No - - Important 7.8 6.8
    Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
    CVE-2026-21219 No No - - Important 7.0 6.1
    LDAPTampering Vulnerability
    CVE-2026-20812 No No - - Important 6.5 5.7
    Microsoft DWM Core Library Elevation of Privilege Vulnerability
    CVE-2026-20842 No No - - Important 7.0 6.1
    Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-20946 No No - - Important 7.8 6.8
    CVE-2026-20955 No No - - Critical 7.8 6.8
    CVE-2026-20956 No No - - Important 7.8 6.8
    CVE-2026-20950 No No - - Important 7.8 6.8
    CVE-2026-20957 No No - - Critical 7.8 6.8
    Microsoft Excel Security Feature Bypass Vulnerability
    CVE-2026-20949 No No - - Important 7.8 6.8
    Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-20943 No No - - Important 7.0 6.1
    Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-20953 No No - - Critical 8.4 7.3
    CVE-2026-20952 No No - - Critical 8.4 7.3
    Microsoft SQL Server Elevation of Privilege Vulnerability
    CVE-2026-20803 No No - - Important 7.2 6.3
    Microsoft SharePoint Information Disclosure Vulnerability
    CVE-2026-20958 No No - - Important 5.4 4.7
    Microsoft SharePoint Remote Code Execution Vulnerability
    CVE-2026-20963 No No - - Important 8.8 7.7
    Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-20951 No No - - Important 7.8 6.8
    CVE-2026-20947 No No - - Important 8.8 7.7
    Microsoft SharePoint Server Spoofing Vulnerability
    CVE-2026-20959 No No - - Important 4.6 4.0
    Microsoft Windows File Explorer Spoofing Vulnerability
    CVE-2026-20847 No No - - Important 6.5 5.7
    Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-20944 No No - - Critical 8.4 7.3
    CVE-2026-20948 No No - - Important 7.8 6.8
    NTLM Hash Disclosure Spoofing Vulnerability
    CVE-2026-20925 No No - - Important 6.5 5.7
    CVE-2026-20872 No No - - Important 6.5 5.7
    Remote Procedure Call Information Disclosure Vulnerability
    CVE-2026-20821 No No - - Important 6.2 5.4
    Secure Boot Certificate Expiration Security Feature Bypass Vulnerability
    CVE-2026-21265 Yes No - - Important 6.4 5.6
    TPM Trustlet Information Disclosure Vulnerability
    CVE-2026-20829 No No - - Important 5.5 4.8
    Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
    CVE-2026-20826 No No - - Important 7.8 6.8
    CVE-2026-20827 No No - - Important 5.5 4.8
    Win32k Elevation of Privilege Vulnerability
    CVE-2026-20811 No No - - Important 7.8 6.8
    CVE-2026-20920 No No - - Important 7.8 6.8
    CVE-2026-20863 No No - - Important 7.0 6.1
    Windows Admin Center Elevation of Privilege Vulnerability
    CVE-2026-20965 No No - - Important 7.5 6.5
    Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-20810 No No - - Important 7.8 6.8
    CVE-2026-20831 No No - - Important 7.8 6.8
    CVE-2026-20860 No No - - Important 7.8 6.8
    Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability
    CVE-2026-20839 No No - - Important 5.5 4.8
    Windows Clipboard Server Elevation of Privilege Vulnerability
    CVE-2026-20844 No No - - Important 7.4 6.4
    Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2026-20857 No No - - Important 7.8 6.8
    CVE-2026-20940 No No - - Important 7.8 6.8
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    CVE-2026-20820 No No - - Important 7.8 6.8
    Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
    CVE-2026-20864 No No - - Important 7.8 6.8
    Windows Deployment Services Remote Code Execution Vulnerability
    CVE-2026-0386 No No - - Important 7.5 6.5
    Windows Error Reporting Service Elevation of Privilege Vulnerability
    CVE-2026-20817 No No - - Important 7.8 6.8
    Windows File Explorer Elevation of Privilege Vulnerability
    CVE-2026-20808 No No - - Important 7.0 6.1
    Windows File Explorer Information Disclosure Vulnerability
    CVE-2026-20823 No No - - Important 5.5 4.8
    CVE-2026-20932 No No - - Important 5.5 4.8
    CVE-2026-20937 No No - - Important 5.5 4.8
    CVE-2026-20939 No No - - Important 5.5 4.8
    Windows Graphics Component Elevation of Privilege Vulnerability
    CVE-2026-20822 No No - - Critical 7.8 6.8
    Windows HTTP.sys Elevation of Privilege Vulnerability
    CVE-2026-20929 No No - - Important 7.5 6.5
    Windows Hello Tampering Vulnerability
    CVE-2026-20804 No No - - Important 7.7 6.7
    CVE-2026-20852 No No - - Important 7.7 6.7
    Windows Hyper-V Information Disclosure Vulnerability
    CVE-2026-20825 No No - - Important 4.4 3.9
    Windows Installer Elevation of Privilege Vulnerability
    CVE-2026-20816 No No - - Important 7.8 6.8
    Windows Kerberos Elevation of Privilege Vulnerability
    CVE-2026-20849 No No - - Important 7.5 6.5
    Windows Kerberos Information Disclosure Vulnerability
    CVE-2026-20833 No No - - Important 5.5 4.8
    Windows Kernel Information Disclosure Vulnerability
    CVE-2026-20818 No No - - Important 6.2 5.4
    CVE-2026-20838 No No - - Important 5.5 4.8
    Windows Kernel Memory Elevation of Privilege Vulnerability
    CVE-2026-20809 No No - - Important 7.8 6.8
    Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
    CVE-2026-20859 No No - - Important 7.8 6.8
    Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
    CVE-2026-20875 No No - - Important 7.5 6.5
    Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
    CVE-2026-20854 No No - - Critical 7.5 6.5
    Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
    CVE-2026-20869 No No - - Important 7.0 6.1
    Windows Management Services Elevation of Privilege Vulnerability
    CVE-2026-20858 No No - - Important 7.8 6.9
    CVE-2026-20865 No No - - Important 7.8 6.8
    CVE-2026-20877 No No - - Important 7.8 6.8
    CVE-2026-20918 No No - - Important 7.8 6.8
    CVE-2026-20923 No No - - Important 7.8 6.8
    CVE-2026-20924 No No - - Important 7.8 6.8
    CVE-2026-20861 No No - - Important 7.8 6.8
    CVE-2026-20866 No No - - Important 7.8 6.8
    CVE-2026-20867 No No - - Important 7.8 6.8
    CVE-2026-20873 No No - - Important 7.8 6.8
    CVE-2026-20874 No No - - Important 7.8 6.8
    Windows Management Services Information Disclosure Vulnerability
    CVE-2026-20862 No No - - Important 5.5 4.8
    Windows Media Remote Code Execution Vulnerability
    CVE-2026-20837 No No - - Important 7.8 6.8
    Windows NDIS Information Disclosure Vulnerability
    CVE-2026-20936 No No - - Important 4.3 3.8
    Windows NTFS Remote Code Execution Vulnerability
    CVE-2026-20840 No No - - Important 7.8 6.8
    CVE-2026-20922 No No - - Important 7.8 6.8
    Windows Remote Assistance Security Feature Bypass Vulnerability
    CVE-2026-20824 No No - - Important 5.5 4.8
    Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
    CVE-2026-20832 No No - - Important 7.8 6.8
    Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
    CVE-2026-20843 No No - - Important 7.8 6.8
    Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
    CVE-2026-20868 No No - - Important 8.8 7.7
    Windows SMB Server Denial of Service Vulnerability
    CVE-2026-20927 No No - - Important 5.3 4.6
    Windows SMB Server Elevation of Privilege Vulnerability
    CVE-2026-20919 No No - - Important 7.5 6.5
    CVE-2026-20921 No No - - Important 7.5 6.5
    CVE-2026-20926 No No - - Important 7.5 6.5
    CVE-2026-20934 No No - - Important 7.5 6.5
    CVE-2026-20848 No No - - Important 7.5 6.5
    Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
    CVE-2026-20856 No No - - Important 8.1 7.1
    Windows Spoofing Vulnerability
    CVE-2026-20834 No No - - Important 4.6 4.0
    Windows Telephony Service Elevation of Privilege Vulnerability
    CVE-2026-20931 No No - - Important 8.0 7.0
    Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
    CVE-2026-20876 No No - - Critical 6.7 5.8
    CVE-2026-20938 No No - - Important 7.8 6.8
    Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
    CVE-2026-20819 No No - - Important 5.5 4.8
    CVE-2026-20935 No No - - Important 6.2 5.4
    Windows WalletService Elevation of Privilege Vulnerability
    CVE-2026-20853 No No - - Important 7.4 6.4
    Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
    CVE-2026-20870 No No - - Important 7.8 6.8
    Windows rndismp6.sys Information Disclosure Vulnerability
    CVE-2026-20828 No No - - Important 4.6 4.0

    --
    Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
    Twitter|

    Keywords: microsoft patch Tuesday
    0 comment(s)
    ISC Stormcast For Tuesday, January 13th, 2026 https://isc.sans.edu/podcastdetail/9764

      Comments

      Login here to join the discussion.


      Diary Archives