Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

By Cisco Talos Blog
Publication Date: 2026-01-13 18:29:00

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as “critical”.  

In this month’s release, Microsoft has observed one of the included “important” vulnerabilities, CVE-2026-20805, being exploited in the wild. Of the 8 “critical” entries, 6 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications, including Windows Local Security Authority Subsystem Service (LSASS), Microsoft Word, Microsoft Excel, and Microsoft Office. The two remaining “critical” entries are elevation of privilege (EoP) vulnerabilities affecting Windows Graphic Component and Windows Virtualization-Based Security (VBS) Enclave.

CVE-2026-20822 is a critical elevation of privilege vulnerability affecting Windows Graphic Component. This vulnerability is due to a use-after-free (UAF) bug that could enable an…