Microsoft released its January Patch Tuesday updates on 2026-01-16, addressing 112 vulnerabilities, including three zero-day exploits and eight critical flaws. These updates primarily target Windows users and include significant security improvements.
Key Vulnerability Updates
Notably, the updates address an actively exploited zero-day flaw in the Desktop Window Manager (DWM), now catalogued by CISA. Organizations are urged to prioritize this update with a remediation deadline set for 2026-02-03. Other critical updates include a series of remote code execution vulnerabilities in Office that can be exploited through the Outlook Preview Pane.
- Desktop Window Manager flaw (zero-day) under active exploitation.
- 112 vulnerabilities fixed, with 95 affecting Windows directly.
- Three zero-day and eight critical vulnerabilities addressed.
- Patch releases started on 2026-01-16; key dates noted by CISA.
- Microsoft Edge and SQL Server also received significant updates.
Known Issues and Fixes
Some users have reported authentication errors connecting to Azure Virtual Desktop. Microsoft recommends using the Remote Desktop client as a temporary workaround. Additionally, legacy modem drivers have been deprecated, potentially affecting hardware compatibility. Microsoft issued a Known Issue Rollback for password icon issues on Windows login screens and advises Group Policy updates for enterprise environments.
Several resolved issues include crashes in applications such as Outlook and Teams, and RemoteApp connection problems in Azure environments. Microsoft also removed vulnerable modem drivers to enhance security.
Testing and Guidance
The Readiness team advises prioritizing testing for DWM changes, SMB/Network file updates, and Office applications. Key areas include visual elements, SMB connections, unattended OS deployments, and complex Excel workbooks. Administrators should track approaching Windows lifecycle milestones and certificate changes. The updates for Office and Windows aim to ensure security and operational continuity.
