January Patch Tuesday hits with 113 fixes, including an actively exploited DWM zero-day

Microsoft’s January Patch Tuesday rolls out updates for at least 113 vulnerabilities across Windows and supported software, eight rated critical. The standout is CVE-2026-20805 in Desktop Window Manager, which is already being exploited in the wild and can be chained with other flaws. Office remote-code execution bugs CVE-2026-20952/20953 are fixed, while legacy Agere modem drivers agrsm64.sys/agrsm.sys were removed due to exploit activity linked to CVE-2023-31096. A separate critical CVE-2026-21265 exposes a Secure Boot bypass tied to expired root certificates, requiring careful BIOS/bootloader updates. Firefox/Firefox ESR patched 34 flaws including CVE-2026-0891/0892, and Chrome WebView CVE-2026-0628 was fixed; Edge/Chrome updates are expected. Per-patch guidance from SANS ISC emphasizes timely patching and checking for install issues.