Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

Source: Tenable Blog

Author: Research Special Operations

URL: https://www.tenable.com/blog/microsofts-january-2026-patch-tuesday-addresses-113-cves-cve-2026-20805

ONE SENTENCE SUMMARY:

Microsoft’s January 2026 Patch Tuesday addressed 113 CVEs, including two zero-days, with significant vulnerabilities in Office and NTFS.

MAIN POINTS:

1. Patched 113 CVEs, with 8 critical and 105 important.
2. Two zero-day vulnerabilities, one already exploited.
3. Multiple critical RCE vulnerabilities in Microsoft Office.
4. Key vulnerabilities found in NTFS affecting code execution.
5. Secure Boot certificate expiration poses security threats.
6. Many vulnerabilities involve elevation of privilege and remote code execution.
7. Exploitation of Preview Pane in Office doesn’t require file opening.
8. Specific CVEs include CVE-2026-20805 and CVE-2026-20952/53.
9. Important components patched include Windows, Azure, and SQL Server.
10. Tenable recommends prompt patching and vulnerability scanning.

TAKEAWAYS:

1. Prioritize patching critical and exploited vulnerabilities.
2. Monitor Secure Boot certificate expirations for security maintenance.
3. Be aware of Office vulnerabilities exploiting Preview Pane.
4. Ensure comprehensive vulnerability assessments and updates.
5. Engage with cyber threat discussions for ongoing security awareness.