Summary

On January 14, 2026 (UTC+8), Microsoft released its January 2026 Security Updates, which included patches for a total of 115 CVEs, an increase of 45 CVEs compared to the previous month.

In terms of severity, 8 vulnerabilities were marked as "Critical" and 107 were marked as "Important/High". In terms of type, the main categories were 21 remote code execution vulnerabilities, 58 privilege escalation vulnerabilities, and 22 information disclosure vulnerabilities.

Statistics

Vulnerability Trend

Figure 1 Vulnerabilities Patched by Microsoft in the Last 12 Months

  • On the whole, Microsoft released 115 patches in January 2026, including 8 critical vulnerability patches.
  • Based on Microsoft's historical vulnerability disclosures and the specific circumstances of this year, Sangfor FarSight Labs estimates that Microsoft will announce fewer vulnerabilities in the coming February in comparison to January. We expect a figure of approximately 80 vulnerabilities.

Comparison of Vulnerability Trends

The following figure shows the number of patches released by Microsoft in the month of January from 2023 to 2026.

Figure 2 Number of Windows Patches Released by Microsoft in January from 2023 to 2026

The following figure shows the trend and number of vulnerabilities at different severity levels addressed by Microsoft in January from 2023 to 2026.

Figure 3 Number of Vulnerabilities by Severity Level Addressed by Microsoft in January from 2023 to 2026

The following figure shows the number of vulnerabilities by type addressed by Microsoft in January from 2023 to 2026.

Figure 4 Number of Vulnerabilities by Type Addressed by Microsoft in January from 2023 to 2026

Data source: Microsoft security updates

  • Compared to last year, the number of vulnerabilities addressed by Microsoft in January 2026 has decreased. A total of 115 vulnerability patches, including 8 critical ones, have been reported this month.
  • Compared to last year, the number of vulnerabilities at the Critical level addressed by Microsoft has decreased, and that of vulnerabilities at the Important/High level has also decreased. Specifically, 8 vulnerabilities at the Critical level have been addressed, a decrease of about 27%; and 107 vulnerabilities at the Important/High level have been addressed, a decrease of about 29%.
  • In terms of vulnerability type, both the number of remote code execution (RCE) vulnerabilities and the number of denial-of-service (DoS) vulnerabilities have decreased, whereas the number of elevation of privilege (EoP) vulnerabilities has increased. We should remain highly vigilant because attackers can combine RCE vulnerabilities with social engineering techniques to take over the entire local area network (LAN) and launch attacks.

Details of Key Vulnerabilities

Analysis

Desktop Window Manager Information Disclosure Vulnerability (CVE-2026-20805)

Desktop Window Manager (DWM) has been the compositing window manager in Microsoft Windows since Windows Vista. It uses hardware acceleration to render the Windows graphical user interface. It was originally created to enable portions of the new "Windows Aero" user experience, which allowed for effects such as transparency and 3D window switching.

DWM contains an information disclosure vulnerability that attackers can exploit to obtain unauthorized information from the target system. This vulnerability is known to have been exploited in the wild, and after assessment, its threat level is considered critical. We recommend that users promptly install the Microsoft security patches.

Secure Boot Certificate Expiration Security Feature Bypass Vulnerability (CVE-2026-21265)

Secure Boot is a boot integrity protection mechanism that Windows provides based on the Unified Extensible Firmware Interface (UEFI) firmware. It prevents unsigned or tampered boot components from being executed in the early stages of system startup, so as to guard against boot-level malware such as bootkits and rootkits.

Secure Boot contains a security feature bypass vulnerability that attackers can exploit to bypass the security features on the target system and perform unauthorized activities. After assessment, its threat level is considered critical. We recommend that users promptly install the Microsoft security patches.

Affected Versions

Vulnerability Name & CVE ID: Desktop Window Manager Information Disclosure Vulnerability (CVE-2026-20805)

Affected Version:

  • Windows Server 2025 (Server Core installation)
  • Windows Server 2025
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows 11 Version 25H2 for x64-based Systems
  • Windows 11 Version 25H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems

Vulnerability Name & CVE ID: Secure Boot Certificate Expiration Security Feature Bypass Vulnerability (CVE-2026-21265)

Affected Version:

  • Windows Server 2025 (Server Core installation)
  • Windows Server 2025
  • Windows Server 2022, 23H2 Edition (Server Core installation)
  • Windows Server 2022 (Server Core installation)
  • Windows Server 2022
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2019
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows 11 Version 25H2 for x64-based Systems
  • Windows 11 Version 25H2 for ARM64-based Systems
  • Windows 11 Version 24H2 for x64-based Systems
  • Windows 11 Version 24H2 for ARM64-based Systems
  • Windows 11 Version 23H2 for x64-based Systems
  • Windows 11 Version 23H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for x64-based Systems
  • Windows 10 Version 22H2 for ARM64-based Systems
  • Windows 10 Version 22H2 for 32-bit Systems
  • Windows 10 Version 21H2 for x64-based Systems
  • Windows 10 Version 21H2 for ARM64-based Systems
  • Windows 10 Version 21H2 for 32-bit Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1607 for x64-based Systems
  • Windows 10 Version 1607 for 32-bit Systems

Solutions

Official Solution

Microsoft has released security patches for affected software. Affected users can install the corresponding security patches based on their system versions.

Download links:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20805

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21265

References

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan

Timeline

On January 14, 2026, Microsoft released a security bulletin.

On January 14, 2026, Sangfor FarSight Labs released a vulnerability alert.

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.
