Patch Tuesday, January 2026 Edition
- Microsoft issued critical patches for 113 security holes in various Windows operating systems and supported software.
- CVE-2026-20805, a flaw in the Desktop Window Manager (DWM), is actively exploited by threat actors despite its low CVSS score of 5.5.
- Two Microsoft Office remote code execution bugs are also critical and can be triggered just by viewing a booby-trapped message.