January 2026 Patch Tuesday: 114 CVEs Patched Including 3 Zero-Days

In January 2026, Microsoft released a security update addressing 114 vulnerabilities, including three zero-day exploits, as part of its Patch Tuesday initiative. The update included fixes for various critical vulnerabilities across Microsoft Windows, Office, and security components, such as remote code execution and elevation of privilege issues. Notably, an actively exploited zero-day vulnerability in Windows Desktop Window Manager was addressed, which previously allowed attackers to access sensitive system memory. The patch also handled critical vulnerabilities in Microsoft Office, such as those allowing remote code execution through malicious emails or links, and a critical elevation of privilege vulnerability within Windows Graphics. Despite these updates, some vulnerabilities remain unpatched, necessitating alternative mitigation strategies to maintain robust cybersecurity. The CrowdStrike Falcon platform aids in managing these vulnerabilities through its comprehensive exposure management capabilities, helping organizations to identify and prioritize security threats efficiently.