Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft's January 2026 Patch Tuesday update addresses 114 Windows flaws, including an actively exploited Desktop Window Manager bug added to CISA's KEV list. The update includes eight Critical and 106 Important vulnerabilities, with 58 privilege escalation, 22 information disclosure, 21 remote code execution, and five spoofing flaws. The actively exploited vulnerability (CVE-2026-20805) is an information disclosure flaw in Desktop Window Manager, which allows local attackers to disclose sensitive information. CISA has mandated FCEB agencies to apply the latest fixes by February 3, 2026.