Patch Tuesday, Jan 13
Yesterday was the first Patch Tuesday of the year. Today, Windows users will find that their computers have restarted overnight and most will not even notice any changes...one hopes. Today is informally known as Exploit Wednesday, after all. So let’s recap the updates to security and fixes for known issues, shall we?
This patch addresses 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities, as well as eight "Critical" vulnerabilities, 6 of which are remote code execution flaws and 2 are elevation-of-privilege flaws (source: Bleeping Computer). Among those are 57 Elevation of Privilege vulnerabilities, 3 Security Feature Bypass vulnerabilities, 22 Remote Code Execution vulnerabilities, 22 Information Disclosure vulnerabilities, 2 Denial of Service vulnerabilities and 5 Spoofing vulnerabilities.
The actively exploited zero-day is an information disclosure flaw in the Desktop Window Manager (CVE-2026-20805), which allows an authorized attacker to disclose information locally. Successful leveraging of the vulnerability lets attackers read memory addresses associated with the remote ALPC port. While the flaw has been reported by Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC), details of the exploitation in the wild have not been released to the public.
The other two zero-day vulnerabilities are the Secure Boot expiration bypass (CVE-2026-21265), which is also covered in a Bleeping Computer report, and the Windows Agere Soft Modem Driver Elevation of Privilege vulnerability (CVE-2023-31096), which Microsoft previously announced they would be removing at a future date.
Microsoft is not the only company to release patches this week. A number of others have followed suit on the monthly update schedule, including Adobe, Cisco, Fortinet, D-Link, Google, n8n, Trend Micro and Veeam, to name a few. The details of each are listed in the first link of this article, as well as a breakdown of the security updates to resolve vulnerabilities across the board. Eight of these patches have a severity rating of critical.
It’s become something of a habit for me to pay close attention to Patch Tuesday, not only because it’s good to know what’s changed, but because there will inevitably be attempts to exploit these now publicly listed vulnerabilities in the coming days. As your friendly neighborhood WISPer, it’s my job to report on those attempts. And every month there seems to be more and more of both fixed bugs and exploits thereof, something I’ve talked about before. But I won’t lie, it would be nice to have the rest of my week be boring. It’s unlikely – threat actors never rest – but it would be nice.
Posted on LinkedIn, 1/13/26













