Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day | CyberScoop<\/title> <meta name=\"description\" content=\"Researchers said the information disclosure zero-day exposes sensitive information that attackers can use to undermine defenses and make other exploits more reliable.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-january-2026\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day\"> <meta property=\"og:description\" content=\"Researchers said the information disclosure zero-day exposes sensitive information that attackers can use to undermine defenses and make other exploits more reliable.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-january-2026\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-01-13T22:35:17+00:00\"> <meta property=\"article:modified_time\" content=\"2026-01-13T23:24:24+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1768337335g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87414\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87414\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-january-2026%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-january-2026%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87414 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-january-2026\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.551578947368\">\n<div class=\"single-article__header-content\" readability=\"34.633928571429\">\n<p> Researchers said the information disclosure zero-day exposes sensitive information that attackers can use to undermine defenses and make other exploits more reliable. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87414\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Microsoft\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Jeenah Moon\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"30.151043288695\"><body readability=\"61.926503340757\"><\/p>\n<p>Microsoft\u2019s first security update of 2026 addressed 112 vulnerabilities affecting its products and underlying systems, including one actively exploited zero-day in Desktop Window Manager. <\/p>\n<p>The company\u2019s latest <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2026-Jan\">Patch Tuesday update<\/a> marks the second consecutive month with no critical vulnerabilities disclosed. The batch of patches also contains more than 110 CVEs for the second January in a row. <\/p>\n<p>The zero-day vulnerability \u2014 <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2026-20805\">CVE-2026-20805<\/a> \u2014 is an information disclosure defect with a CVSS rating of 5.5 that can be exploited by an unauthorized attacker to expose sensitive information. The Cybersecurity and Infrastructure Security Agency added the defect to its <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/01\/13\/cisa-adds-one-known-exploited-vulnerability-catalog\">known exploited vulnerabilities catalog<\/a> Tuesday.<\/p>\n<p>Information disclosure vulnerabilities are sporadically exploited in the wild, but not often, according to Dustin Childs, head of threat awareness at Trend Micro\u2019s Zero Day Initiative. \u201cThis shows how memory leaks can be as important as code execution bugs since they make the remote code executions reliable,\u201d he wrote in a <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2026\/1\/13\/the-january-2026-security-update-review\">blog post<\/a>.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Jack Bicer, director of vulnerability research at Action1, concurred, added that the memory exposed by exploitation of CVE-2026-20805 can undermine defenses and bolster additional exploits. <\/p>\n<p>\u201cThis vulnerability increases the risk of successful multi-stage attacks,\u201d Bicer said in an email. \u201cLeaked memory details can be combined with other vulnerabilities to achieve privilege escalation or data theft, potentially leading to broader system compromise, regulatory exposure and loss of trust.\u201d<\/p>\n<p>Microsoft did not say how many attacks are linked to the zero-day. Yet, exploitation requires an attacker to have local access on the targeted system, Satnam Narang, senior staff research engineer at Tenable, said in an email.<\/p>\n<p>\u201cWhile Desktop Window Manager is a frequent flyer on Patch Tuesday with 20 CVEs patched in this library since 2022, this is the first time we\u2019ve seen an information disclosure bug in this component exploited in the wild,\u201d he added. \u201cAttackers have historically used it to climb the ladder of privileges.\u201d<\/p>\n<p>The most severe defects disclosed by Microsoft this month include <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-20947\">CVE-2026-20947<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-20963\">CVE-2026-20963<\/a> affecting Microsoft Office SharePoint, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-20868\">CVE-2026-20868<\/a> affecting Windows Routing and Remote Access Service, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-20952\">CVE-2026-20952<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-20955\">CVE-2026-20955<\/a> affecting Microsoft Office, and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-20944\">CVE-2026-20944<\/a> affecting Microsoft Office Word. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft also flagged eight vulnerabilities, each with a CVSS rating of 7.8, as more likely to be exploited this month. <\/p>\n<p>The full list of vulnerabilities addressed this month is available in <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2026-Jan\">Microsoft\u2019s Security Response Center<\/a>.<\/p>\n<p> <\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.4796511627907\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-january-2026\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Patch Tuesday addresses 112 defects, including one actively exploited<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3885,625,2660,256,3587,3408,288,3172,2281,703,3941],"tags":[3886,630,2662,262,3589,3409,294,3174,2283,705,3946],"class_list":["post-8256","post","type-post","status-publish","format-standard","hentry","category-action1","category-microsoft","category-patch-tuesday","category-research","category-security-patch","category-tenable","category-threats","category-trend-micro","category-vulnerability","category-vulnerability-disclosure","category-zero-day-initiative","tag-action1","tag-microsoft","tag-patch-tuesday","tag-research","tag-security-patch","tag-tenable","tag-threats","tag-trend-micro","tag-vulnerability","tag-vulnerability-disclosure","tag-zero-day-initiative"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/action1\/\" rel=\"category tag\">Action1<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patch-tuesday\/\" rel=\"category tag\">Patch Tuesday<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/security-patch\/\" rel=\"category tag\">security patch<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/tenable\/\" rel=\"category tag\">Tenable<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trend-micro\/\" rel=\"category tag\">Trend Micro<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day-initiative\/\" rel=\"category tag\">Zero Day Initiative<\/a>","tag_info":"Zero Day Initiative","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8256"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8256\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8256,"date":"2026-01-13T16:35:17","date_gmt":"2026-01-13T22:35:17","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87414"},"modified":"2026-01-13T16:35:17","modified_gmt":"2026-01-13T22:35:17","slug":"microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/01\/13\/microsoft-patch-tuesday-addresses-112-defects-including-one-actively-exploited-zero-day\/","title":{"rendered":"Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day"},"content":{"rendered":"