Microsoft's January 2026 Patch Tuesday update, identified as KB5074109, addresses 114 vulnerabilities, including a severe zero-day flaw in Windows Desktop Window Manager (DWM) affecting Windows 11 versions 24H2 and 25H2.
Zero-Day and Critical Fixes
The most critical resolution targets an information disclosure vulnerability in DWM, actively exploited in the wild. This issue allows attackers with local access to extract sensitive memory data via Advanced Local Procedure Call (ALPC) ports. The vulnerability was identified and reported by Microsoft's Threat Intelligence Center and Security Response Center.
- 114 total vulnerabilities addressed in this update.
- Zero-day DWM flaw actively exploited, resolved.
- Critical AI component updates and security hardening applied.
Additional Vulnerability Patches
Microsoft also resolved additional high-severity vulnerabilities deemed "exploitation more likely," including:
- CVE-2026-20816: Privilege escalation in Windows Installer.
- CVE-2026-20817: Elevation of privilege in Windows Error Reporting.
- Several other critical system vulnerabilities, including NTFS and WinSock.
System & Support Adjustments
The update removes support for obsolete modem drivers like agrsm64.sys and introduces reliability fixes for Azure Virtual Desktop and WSL networking. Power efficiency improvements target Neural Processing Units (NPUs) to prevent battery drain.
- Azure Virtual Desktop RemoteApp connection failures addressed.
- WSL networking issue affecting VPN connections resolved.
- Windows Deployment Services (WDS) deployment now disabled by default.
Users are advised to install the update via Settings > Windows Update and follow recommended backup procedures before application.
