Patch Tuesday: January 2026 Latest Patch Updates & Breakdown

Q: What is Patch Tuesday?

Patch Tuesday, the colloquial term for Microsoft's Update Tuesday that falls on second Tuesday of every month. That is when Microsoft rolls out patch updates to improve security of the Microsoft applications... more

Q: When is Patch Tuesday?

Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on ... more

Q: Where can I find more details about individual bulletins?

Each CVE ID listed in the ... more

Microsoft Patch Tuesday January 2026 - Summary

Jan 152026

Read Blog

127

Patches

112

Vulnerabilities

18

Articles

6

Impacts

CVE Index for January 2026 Patch Tuesday Updates

Critical Vulnerabilities
Zero-day vulnerabilities
Microsoft Windows
Microsoft
Office
Others

Vulnerable Component	Impact	CVE ID
Microsoft Excel	Remote Code Execution	CVE-2026-20957
Microsoft Excel	Remote Code Execution	CVE-2026-20955
Microsoft Office	Remote Code Execution	CVE-2026-20953
Microsoft Office	Remote Code Execution	CVE-2026-20952
Microsoft Word	Remote Code Execution	CVE-2026-20944
Windows Virtualization-Based Security (VBS) Enclave	Elevation of Privilege	CVE-2026-20876
Windows Local Security Authority Subsystem Service (LSASS)	Remote Code Execution	CVE-2026-20854
Windows Graphics Component	Elevation of Privilege	CVE-2026-20822

Vulnerable Component	Impact	CVE ID
Secure Boot Certificate Expiration	Security Feature Bypass	CVE-2026-21265
Desktop Window Manager	Information Disclosure	CVE-2026-20805
MITRE: CVE-2023-31096 Windows Agere Soft Modem Driver	Elevation of Privilege	CVE-2023-31096

CVE ID	Severity	Impact
CVE-2026-20941	Important	Elevation of Privilege
CVE-2026-20940	Important	Elevation of Privilege
CVE-2026-20939	Important	Information Disclosure
CVE-2026-20938	Important	Elevation of Privilege
CVE-2026-20937	Important	Information Disclosure
CVE-2026-20936	Important	Information Disclosure
CVE-2026-20935	Important	Information Disclosure
CVE-2026-20934	Important	Elevation of Privilege
CVE-2026-20932	Important	Information Disclosure
CVE-2026-20931	Important	Elevation of Privilege
CVE-2026-20929	Important	Elevation of Privilege
CVE-2026-20927	Important	Denial of Service
CVE-2026-20926	Important	Elevation of Privilege
CVE-2026-20925	Important	Spoofing
CVE-2026-20924	Important	Elevation of Privilege
CVE-2026-20923	Important	Elevation of Privilege
CVE-2026-20922	Important	Remote Code Execution
CVE-2026-20921	Important	Elevation of Privilege
CVE-2026-20920	Important	Elevation of Privilege
CVE-2026-20919	Important	Elevation of Privilege
CVE-2026-20918	Important	Elevation of Privilege
CVE-2026-20877	Important	Elevation of Privilege
CVE-2026-20965	Important	Elevation of Privilege
CVE-2026-20875	Important	Denial of Service
CVE-2026-20874	Important	Elevation of Privilege
CVE-2026-20873	Important	Elevation of Privilege
CVE-2026-20872	Important	Spoofing
CVE-2026-20871	Important	Elevation of Privilege
CVE-2026-20870	Important	Elevation of Privilege
CVE-2026-20869	Important	Elevation of Privilege
CVE-2026-20868	Important	Remote Code Execution
CVE-2026-20867	Important	Elevation of Privilege
CVE-2026-20866	Important	Elevation of Privilege
CVE-2026-20865	Important	Elevation of Privilege
CVE-2026-20864	Important	Elevation of Privilege
CVE-2026-20863	Important	Elevation of Privilege
CVE-2026-20862	Important	Information Disclosure
CVE-2026-20861	Important	Elevation of Privilege
CVE-2026-20860	Important	Elevation of Privilege
CVE-2026-20859	Important	Elevation of Privilege
CVE-2026-20858	Important	Elevation of Privilege
CVE-2026-20857	Important	Elevation of Privilege
CVE-2026-20856	Important	Remote Code Execution
CVE-2026-20853	Important	Elevation of Privilege
CVE-2026-20852	Important	Tampering
CVE-2026-20849	Important	Elevation of Privilege
CVE-2026-20848	Important	Elevation of Privilege
CVE-2026-20847	Important	Spoofing
CVE-2026-20844	Important	Elevation of Privilege
CVE-2026-20843	Important	Elevation of Privilege
CVE-2026-20842	Important	Elevation of Privilege
CVE-2026-20840	Important	Remote Code Execution
CVE-2026-20839	Important	Information Disclosure
CVE-2026-20838	Important	Information Disclosure
CVE-2026-20837	Important	Remote Code Execution
CVE-2026-20834	Important	Spoofing
CVE-2026-20833	Important	Information Disclosure
CVE-2026-20832	Important	Elevation of Privilege
CVE-2026-20831	Important	Elevation of Privilege
CVE-2026-20829	Important	Information Disclosure
CVE-2026-20828	Important	Information Disclosure
CVE-2026-20827	Important	Information Disclosure
CVE-2026-20826	Important	Elevation of Privilege
CVE-2026-20825	Important	Information Disclosure
CVE-2026-20824	Important	Security Feature Bypass
CVE-2026-20823	Important	Information Disclosure
CVE-2026-20821	Important	Information Disclosure
CVE-2026-20820	Important	Elevation of Privilege
CVE-2026-20819	Important	Information Disclosure
CVE-2026-20818	Important	Information Disclosure
CVE-2026-20817	Important	Elevation of Privilege
CVE-2026-20816	Important	Elevation of Privilege
CVE-2026-20812	Important	Tampering
CVE-2026-20811	Important	Elevation of Privilege
CVE-2026-20810	Important	Elevation of Privilege
CVE-2026-20809	Important	Elevation of Privilege
CVE-2026-20808	Important	Elevation of Privilege
CVE-2026-20804	Important	Tampering
CVE-2026-0386	Important	Remote Code Execution
CVE-2024-55414	Important	Elevation of Privilege

CVE ID	Severity	Impact
CVE-2026-20959	Important	Spoofing
CVE-2026-20958	Important	Information Disclosure
CVE-2026-20956	Important	Remote Code Execution
CVE-2026-20951	Important	Remote Code Execution
CVE-2026-20950	Important	Remote Code Execution
CVE-2026-20949	Important	Security Feature Bypass
CVE-2026-20948	Important	Remote Code Execution
CVE-2026-20947	Important	Remote Code Execution
CVE-2026-20946	Important	Remote Code Execution
CVE-2026-20943	Important	Remote Code Execution
CVE-2026-20963	Important	Remote Code Execution
CVE-2026-20803	Important	Elevation of Privilege

CVE ID	Severity	Impact
CVE-2026-21226	Important	Remote Code Execution
CVE-2026-21224	Important	Elevation of Privilege

Vulnerable Component	CVE ID	Severity	Impact
DirectX Graphics Kernel	CVE-2026-20836	Important	Elevation of Privilege
DirectX Graphics Kernel	CVE-2026-20814	Important	Elevation of Privilege
Dynamic Root of Trust for Measurement (DRTM)	CVE-2026-20962	Important	Information Disclosure
Inbox COM Objects (Global Memory)	CVE-2026-21219	Important	Remote Code Execution
Capability Access Management Service (camsvc)	CVE-2026-21221	Important	Elevation of Privilege
	CVE-2026-20851	Important	Information Disclosure
	CVE-2026-20835	Important	Information Disclosure
	CVE-2026-20830	Important	Elevation of Privilege
	CVE-2026-20815	Important	Elevation of Privilege

Previous Patch Tuesday Updates and Fixes

Microsoft Windows Patch Tuesday - Overview

What is Patch Tuesday?

Patch Tuesday or Update Tuesday is the common name for the second Tuesday of every month when Microsoft releases security updates for its operating system and other software. Coinciding with the Patch Tuesday, several other vendors such as Oracle, Mozilla, Adobe, and many others roll out updates for the third-party applications.

When is Patch Tuesday?

Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on Feb 10, 2026.

What is patching and why is it important?

Patches are nothing but pieces of software code that are written to fix a bug in a software application, that might lead to a vulnerability. Such vulnerabilities in any application are loop holes for attackers to get their hands on business critical data and information. So it is highly crucial to keep all the applications in a network updated to its latest versions. Updating applications in mobile phones and laptops also work in the same manner by preventing theft of personal data, through security flaws.

What kind of patch updates are released during Patch Tuesday?

Predominantly security patch updates of varying severity like Critical, Important, Moderate & Low are labeled and released. Effective Windows patch management involves prioritizing these based on severity, automating deployment, and ensuring rollback or compatibility testing. It is always a best practice to prioritize your patching based on the severity level mentioned.

What are CVE IDs?

CVE ID - Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD). You can look up for a detailed explanation of each vulnerability in the NVD with the help of CVE ID. In Patch Manager Plus you can make use of these CVE IDs to fetch the appropriate patches to deploy. You can find the CVE IDs here.

How to register for ManageEngine's Free Patch Tuesday webinar?

The upcoming Free Patch Tuesday webinar by ManageEngine is scheduled on -. You can make your registrations here.

Where can I find more details about individual bulletins?

Each CVE ID listed in the CVE Index section has been linked to its security advisory.

Unfold what this Patch Tuesday has in store for you

Upcoming Webinar

- 11:30 a.m. EST& 6:30 a.m. GMT

Agenda of the Free Patch Tuesday webinar

Book your slots here!

Thank you for registering with us.