January Security Update: Microsoft Addresses High-Risk Vulnerabilities Across Multiple Products

On January 14, Microsoft released its January Security Update, addressing 112 security vulnerabilities across various products, such as Windows, Microsoft Office, SQL Server, and Azure. The update includes critical vulnerabilities classified as high-risk, particularly the Desktop Window Manager Information Disclosure Vulnerability (CVE-2026-20805), which has already been exploited in the wild.

Key Vulnerabilities Highlighted:

1. Desktop Window Manager Information Disclosure Vulnerability (CVE-2026-20805):

   • Allows authenticated attackers to access sensitive information due to improper memory protection when handling remote ALPC ports.
   • CVSS Score: 5.5
   • Official Announcement

2. Microsoft Office Remote Code Execution Vulnerabilities (CVE-2026-20952/CVE-2026-20953):

   • Attackers can execute code by enticing users to open malicious documents.
   • CVSS Score: 8.4
   • Details on CVE-2026-20952, Details on CVE-2026-20953

3. Microsoft Excel Remote Code Execution Vulnerabilities (CVE-2026-20955/CVE-2026-20957):

   • Exploits through untrusted pointer dereferences, enabling code execution on user hosts via malicious files.
   • CVSS Score: 7.8
   • View CVE-2026-20955, View CVE-2026-20957

4. Microsoft Word Remote Code Execution Vulnerability (CVE-2026-20944):

   • Similar to the Office vulnerabilities, it allows code execution via specially crafted documents.
   • CVSS Score: 8.4
   • More Information

5. Windows LSASS Remote Code Execution Vulnerability (CVE-2026-20854):

   • Exploitation through a use-after-free issue enabling attackers to execute arbitrary code.
   • CVSS Score: 7.5
   • Official Details

6. Windows NTFS Remote Code Execution Vulnerability (CVE-2026-20840):

   • Vulnerability allows local attackers to execute code through a heap-based buffer overflow.
   • CVSS Score: 7.8
   • Learn More

7. Windows Graphics Component Privilege Escalation Vulnerability (CVE-2026-20822):

   • Local attackers can escalate privileges due to conditional competition release reuse.
   • CVSS Score: 7.8
   • Read More

8. VBS Enclave Privilege Escalation Vulnerability (CVE-2026-20876):

   • Allows local attackers to elevate privileges to SYSTEM.
   • CVSS Score: 6.7
   • Details Available

Mitigation:

Microsoft has provided security patches for all affected versions of their products. Users are advised to update their systems promptly to mitigate these vulnerabilities. Access the January Security Update.

Conclusion

Users of Microsoft’s products should prioritize these updates to protect their systems against potential cyber threats resulting from these vulnerabilities. For a comprehensive list of affected products and vulnerabilities, refer to the official security update from Microsoft.