Microsoft has released its January Patch Tuesday updates, resolving 114 security vulnerabilities, with a critical focus on a flaw actively exploited in the wild. These updates address eight Critical and 106 Important vulnerabilities.
Major Security Patches
Among the 114 flaws, the security community has highlighted the actively exploited vulnerability in Desktop Window Manager (DWM), which has been rated with a CVSS score of 5.5. Identified by the Microsoft Threat Intelligence Center and Microsoft Security Response Center, this flaw presents risks as attackers can leverage it to disclose user-mode memory addresses. The Common Vulnerabilities and Exposures catalog now includes this DWM flaw, with federal agencies mandated to patch by 2026-02-03.
Another critical fix involves a privilege-escalation vulnerability in Windows Virtualization-Based Security (VBS) Enclave. With a CVSS score of 6.7, it poses severe risks as it allows attackers to gain Virtual Trust Level 2 privileges, though exploitation demands high-level access.
Additional Vulnerability Fixes
The updates also handle a Secure Boot certificate expiration issue that affects trust in firmware, scored at 6.4. Microsoft advises customers to update these certificates before their 2026 expiration to ensure continuous system boot operations.
Microsoft has deprecated legacy Agere SoftModem drivers, vulnerable to privilege escalation and previously exploited in the wild. This move follows a longer-term strategy to enhance system security by removing at-risk older drivers. Security experts recommend prompt application of all available patches to mitigate potential threats.
Corporations and individuals alike are warned to apply the provided updates immediately to safeguard against potential breaches.
