Microsoft January 2026 Patch Tuesday Addresses 3 Zero-Days, 114 Flaws

4 unique sources, 8 articles

Summary

Microsoft's January 2026 Patch Tuesday addressed 114 vulnerabilities, including three zero-days: one actively exploited (CVE-2026-20805) and two publicly disclosed (CVE-2026-21265 and CVE-2023-31096). The updates covered a range of flaw types, with eight classified as 'Critical,' including remote code execution and elevation-of-privilege vulnerabilities. Additionally, Microsoft released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability (CVE-2026-21509) exploited in attacks, affecting multiple Office versions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20805 and CVE-2026-21509 to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the latest fixes by February 3, 2026, and February 16, 2026, respectively. CVE-2026-21509 was discovered by the Microsoft Threat Intelligence Center (MSTIC), the Microsoft Security Response Center (MSRC), and the Office Product Group Security Team, and affects several Microsoft Office versions: Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 Apps for Enterprise.

Timeline

  1. 26.01.2026 20:20 3 articles · 1d ago

    Microsoft Releases Emergency Patch for Actively Exploited Office Zero-Day

    The article provides additional details on the high-severity Microsoft Office zero-day vulnerability (CVE-2026-21509), including its discovery by the Microsoft Threat Intelligence Center (MSTIC), the Microsoft Security Response Center (MSRC), and the Office Product Group Security Team. It also confirms the vulnerability's impact on multiple versions of Microsoft Office and the necessity for users to install updates to be protected.

  2. 13.01.2026 21:57 5 articles · 14d ago

    Microsoft Automatically Replaces Expiring Secure Boot Certificates

    The article provides additional context on the Secure Boot certificate expiration vulnerability (CVE-2026-21265), including the specific certificates that will expire in June and October 2026.

  3. 13.01.2026 20:34 6 articles · 14d ago

    Microsoft January 2026 Patch Tuesday Addresses 3 Zero-Days, 114 Flaws

    The article provides additional details on the actively exploited zero-day vulnerability CVE-2026-20805, including its impact on Address Space Layout Randomization (ASLR) and the involvement of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). It also highlights the removal of Agere Soft Modem drivers and the critical-rated privilege escalation flaw in Windows Virtualization-Based Security (VBS) Enclave (CVE-2026-20876). The article mentions that Microsoft previously addressed an actively exploited zero-day flaw in DWM in May 2024 (CVE-2024-30051). Additionally, Microsoft released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability (CVE-2026-21509) exploited in attacks, affecting multiple Office versions.

Similar Happenings

CVE-2024-37079 in VMware vCenter Exploited in the Wild

CVE-2024-37079, a critical heap overflow flaw in VMware vCenter Server, is being actively exploited in the wild. The vulnerability, patched in June 2024, allows remote code execution via a specially crafted network packet. Broadcom confirmed the active exploitation and advised customers to apply security patches immediately. CISA added the flaw to its KEV catalog, requiring FCEB agencies to secure their systems by February 13, 2026, under BOD 22-01. There are no known workarounds or mitigations, which makes applying the latest patches urgent.

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with four new vulnerabilities that are being actively exploited in the wild. The vulnerabilities affect Synacor Zimbra Collaboration Suite, Versa Concerto SD-WAN, Vite Vitejs, and eslint-config-prettier. Federal agencies are required to apply patches by February 12, 2026. The vulnerabilities include a PHP remote file inclusion flaw, an authentication bypass, an improper access control issue, and a supply chain attack involving malicious code execution. Exploitation of one of the vulnerabilities, CVE-2025-68645, has been ongoing since January 14, 2026. CVE-2025-31125 affects only exposed dev instances and has been patched in versions 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11. CVE-2025-34026 is caused by a Traefik reverse proxy misconfiguration that allows access to administrative endpoints, including the internal Actuator endpoint, exposing heap dumps and trace logs. Affected products for CVE-2025-34026 are Concerto 12.1.2 through 12.2.0, although additional versions may also be impacted. Researchers at cybersecurity company ProjectDiscovery reported the issues to the vendor on February 13, 2025, and Versa Concerto confirmed to BleepingComputer that they had fixed them on March 7, 2025. For CVE-2025-54313, installing an affected package (versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7) would run a malicious install.js script that launched the node-gyp.dll payload on Windows to steal npm authentication tokens. CVE-2025-68645 is a local file inclusion vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite 10.0 and 10.1 caused by improper handling of user-supplied parameters in the RestFilter servlet.

Windows 11 Update KB5074109 Causes Outlook Freezes for POP Users

Microsoft released emergency out-of-band updates on January 25, 2026, to address an issue causing Microsoft Outlook to freeze for users with POP email accounts. The problem, which affects users of Windows 11 25H2 and 24H2, Windows 10, and multiple Windows Server platforms, occurs when PST files are stored in cloud storage like OneDrive or Dropbox. The issue prevents Outlook from exiting properly and restarting after being closed. Users can temporarily resolve the issue by uninstalling the KB5074109 update, accessing their email accounts via webmail, or moving their Outlook PST files out of OneDrive. The out-of-band updates include fixes for other issues, such as access to Microsoft 365 Cloud PC sessions and Secure Launch bugs.

Windows 11 23H2 Shutdown Issue with System Guard Secure Launch

Windows 11 23H2 devices with System Guard Secure Launch enabled fail to shut down properly after installing the January 13, 2026, cumulative update (KB5073455). Affected systems restart instead of shutting down or entering hibernation. This issue impacts Enterprise and IoT editions of Windows 11, version 23H2. Microsoft has provided a temporary workaround for shutdown but no solution for hibernation. The company is also addressing a separate bug in the January 2026 KB5074109 update causing Remote Desktop connection failures. Microsoft has released an out-of-band update (KB5077797) to fix the shutdown issue in Windows 11 23H2.

Microsoft Releases Windows 10 KB5073724 Extended Security Update

Microsoft has released the KB5073724 extended security update for Windows 10, addressing three zero-day vulnerabilities and expiring Secure Boot certificates. The update is available for Windows 10 Enterprise LTSC and systems enrolled in the Extended Security Update (ESU) program. It removes specific modem drivers, updates the WinSqlite3.dll component, and phases in new Secure Boot certificates to prevent potential security breaches. The update brings Windows 10 to build 19045.6809 and Windows 10 Enterprise LTSC 2021 to build 19044.6809.