Microsoft Issues Emergency Patches for 113 Security Flaws, Including Actively Exploited Zero-Day
Microsoft has released a critical security update addressing a staggering 113 vulnerabilities across its Windows operating systems and related software. Among these, eight are classified as “critical,” and the company confirms that attackers are already actively exploiting at least one of the flaws.
The January security update addresses a zero-day vulnerability – CVE-2026-20805 – stemming from a weakness in the Desktop Window Manager (DWM), a core component responsible for managing windows on a user’s screen. Despite receiving a moderate CVSS score of 5.5, security researchers have confirmed its exploitation in real-world attacks.
According to a senior director of cyber threat research, this vulnerability can be leveraged to undermine Address Space Layout Randomization (ASLR), a key operating system security feature designed to prevent buffer overflows and memory manipulation exploits. “By revealing where code resides in memory, this vulnerability can be chained with a separate code execution flaw, transforming a complex and unreliable exploit into a practical and repeatable attack,” the researcher explained. Microsoft has not yet disclosed the specific components involved in potential exploit chains, hindering proactive threat hunting efforts. Consequently, immediate patching is currently the most effective mitigation strategy.
A vice president of product management noted that CVE-2026-20805 impacts all currently supported Windows versions. They cautioned against dismissing the severity of the flaw based solely on its “Important” rating and relatively low CVSS score, advocating for a risk-based prioritization approach.
The update also tackles two critical remote code execution bugs (CVE-2026-20952 and CVE-2026-20953) within Microsoft Office, which can be triggered simply by previewing a malicious message.
Beyond these immediate threats, Microsoft continues to address legacy vulnerabilities. Following the removal of a vulnerable modem driver in October 2025, the company has now removed two additional modem drivers – agrsm64.sys and agrsm.sys – due to a similar elevation of privilege vulnerability, tracked as CVE-2023-31096. This vulnerability was originally identified over two years ago, and the removal of these drivers highlights the ongoing risk posed by older components. One analyst pointed out that while most users will be unaffected, these drivers may still be present in industrial control systems. The open question is how many more legacy modem drivers remain within Windows and how many more vulnerabilities they harbor.
A critical Security Feature Bypass vulnerability (CVE-2026-21265) affecting Windows Secure Boot also demands immediate attention. This feature, designed to protect against rootkits and bootkits, relies on certificates expiring in June and October 2026. Systems without the updated 2023 certificates will no longer receive Secure Boot security updates once the older certificates expire. Updating the bootloader and BIOS is crucial, but requires careful preparation to avoid rendering a system unbootable. “Fifteen years is a very long time in data security,” one researcher stated, “but the clock is running out on the Microsoft root certificates.”
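To see where a given machine stands before those expiry dates, the following PowerShell inventory reports which Microsoft certificates are present in the UEFI Secure Boot db and KEK variables. It is an added example, not code from Microsoft or from the sources quoted here; the certificate names are assumptions drawn from Microsoft's public Secure Boot guidance rather than from this article, and `Find-CertName` is a hypothetical helper.

```powershell
# Added example: inventory Secure Boot certificates in the UEFI db and KEK variables.
# Run from an elevated PowerShell session on a UEFI system.
# Assumption: the certificate names below follow Microsoft's public guidance;
# they do not appear in the article itself.
$expected = @{
    db  = @('Windows UEFI CA 2023', 'Microsoft UEFI CA 2023',
            'Microsoft Windows Production PCA 2011', 'Microsoft Corporation UEFI CA 2011')
    KEK = @('Microsoft Corporation KEK 2K CA 2023', 'Microsoft Corporation KEK CA 2011')
}

function Find-CertName {
    # Hypothetical helper: reports whether each name occurs in a raw UEFI variable.
    param([byte[]]$Bytes, [string[]]$Names)
    # Subject names are stored as printable strings inside the DER certificates,
    # so a substring search over the raw bytes is enough for an inventory.
    $text = [System.Text.Encoding]::ASCII.GetString($Bytes)
    foreach ($n in $Names) {
        [pscustomobject]@{ Certificate = $n; Present = $text.Contains($n) }
    }
}

try {
    # Throws on legacy BIOS systems and in non-elevated sessions.
    $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
} catch {
    Write-Warning "Secure Boot state unavailable (legacy BIOS or not elevated): $_"
    return
}
"Secure Boot enabled: $enabled"

foreach ($var in 'db', 'KEK') {
    try {
        $bytes = (Get-SecureBootUEFI -Name $var -ErrorAction Stop).Bytes
    } catch {
        Write-Warning "Could not read UEFI variable '$var': $_"
        continue
    }
    Find-CertName -Bytes $bytes -Names $expected[$var] |
        Select-Object @{ n = 'Variable'; e = { $var } }, Certificate, Present
}
```

A machine that reports only the 2011 entries as present has not yet received the 2023 certificates and belongs on the remediation list ahead of the June and October 2026 expirations.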
Mozilla has released updates for Firefox and Firefox ESR, resolving 34 vulnerabilities, with two suspected to be actively exploited (CVE-2026-0891 and CVE-2026-0892). Updates for Google Chrome and Microsoft Edge are also expected this week, alongside a fix for a high-severity Chrome
