Back to overview

Threat intelligence

Microsoft Security Bulletin Coverage for January 2026

by Security News

Overview

Microsoft’s January 2026 Patch Tuesday has 113 vulnerabilities, of which 55 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2026 and has produced coverage for 8 of the reported vulnerabilities.

Vulnerabilities with Detections

CVE

CVE Title

Signature

CVE-2026-20805Desktop Window Manager Information Disclosure VulnerabilityASPY 7160 Exploit-exe exe.MP_490
CVE-2026-20816Windows Installer Elevation of Privilege VulnerabilityASPY 7161 Exploit-exe exe.MP_491
CVE-2026-20817Windows Error Reporting Service Elevation of Privilege VulnerabilityASPY 7162 Exploit-exe exe.MP_492
CVE-2026-20820Windows Common Log File System Driver Elevation of Privilege VulnerabilityASPY 7163 Exploit-exe exe.MP_493
CVE-2026-20840Windows NTFS Remote Code Execution VulnerabilityASPY 7159 Malformed-vhd vhd.MP_1
CVE-2026-20843Windows Routing and Remote Access Service (RRAS) Elevation of Privilege VulnerabilityASPY 664 Exploit-exe exe.MP_484
CVE-2026-20860Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityASPY 663 Exploit-exe exe.MP_488
CVE-2026-20871Desktop Windows Manager Elevation of Privilege VulnerabilityASPY 662 Exploit-exe exe.MP_487

 

Release Breakdown

The vulnerabilities can be classified into the following categories:

 

Jan_2026_chart_impact_1.png

 

Jan_2026_chart_severity_2.png

For January there are 8 critical and 105 important vulnerabilities.

 

Jan_2026_chart_Vul_count_3.png

 

Jan_2026_chart_expl_dis_4.png

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.

 

Jan_2026_chart_expl_assesment_5.png

 

Release Detailed Breakdown

Denial of Service Vulnerabilities

CVECVE Title
CVE-2026-20875Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2026-20927Windows SMB Server Denial of Service Vulnerability

Elevation of Privilege Vulnerabilities

CVECVE Title
CVE-2026-20803Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2026-20808Windows File Explorer Elevation of Privilege Vulnerability
CVE-2026-20809Windows Kernel Memory Elevation of Privilege Vulnerability
CVE-2026-20810Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-20811Win32k Elevation of Privilege Vulnerability
CVE-2026-20814DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-20815Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVE-2026-20816Windows Installer Elevation of Privilege Vulnerability
CVE-2026-20817Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2026-20820Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-20822Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2026-20826Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
CVE-2026-20830Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVE-2026-20831Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-20832Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
CVE-2026-20836DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-20842Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-20843Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2026-20844Windows Clipboard Server Elevation of Privilege Vulnerability
CVE-2026-20848Windows SMB Server Elevation of Privilege Vulnerability
CVE-2026-20849Windows Kerberos Elevation of Privilege Vulnerability
CVE-2026-20853Windows WalletService Elevation of Privilege Vulnerability
CVE-2026-20857Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-20858Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20859Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2026-20860Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-20861Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20863Win32k Elevation of Privilege Vulnerability
CVE-2026-20864Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2026-20865Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20866Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20867Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20869Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
CVE-2026-20870Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2026-20871Desktop Windows Manager Elevation of Privilege Vulnerability
CVE-2026-20873Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20874Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20876Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2026-20877Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20918Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20919Windows SMB Server Elevation of Privilege Vulnerability
CVE-2026-20920Win32k Elevation of Privilege Vulnerability
CVE-2026-20921Windows SMB Server Elevation of Privilege Vulnerability
CVE-2026-20923Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20924Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20926Windows SMB Server Elevation of Privilege Vulnerability
CVE-2026-20929Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2026-20931Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-20934Windows SMB Server Elevation of Privilege Vulnerability
CVE-2026-20938Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2026-20940Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-20941Host Process for Windows Tasks Elevation of Privilege Vulnerability
CVE-2026-20965Windows Admin Center Elevation of Privilege Vulnerability
CVE-2026-21221Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
CVE-2026-21224Azure Connected Machine Agent Elevation of Privilege Vulnerability

Information Disclosure Vulnerabilities

CVECVE Title
CVE-2026-20805Desktop Window Manager Information Disclosure Vulnerability
CVE-2026-20818Windows Kernel Information Disclosure Vulnerability
CVE-2026-20819Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
CVE-2026-20821Remote Procedure Call Information Disclosure Vulnerability
CVE-2026-20823Windows File Explorer Information Disclosure Vulnerability
CVE-2026-20825Windows Hyper-V Information Disclosure Vulnerability
CVE-2026-20827Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability
CVE-2026-20828Windows rndismp6.sys Information Disclosure Vulnerability
CVE-2026-20829TPM Trustlet Information Disclosure Vulnerability
CVE-2026-20833Windows Kerberos Information Disclosure Vulnerability
CVE-2026-20835Capability Access Management Service (camsvc) Information Disclosure Vulnerability
CVE-2026-20838Windows Kernel Information Disclosure Vulnerability
CVE-2026-20839Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability
CVE-2026-20851Capability Access Management Service (camsvc) Information Disclosure Vulnerability
CVE-2026-20862Windows Management Services Information Disclosure Vulnerability
CVE-2026-20932Windows File Explorer Information Disclosure Vulnerability
CVE-2026-20935Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
CVE-2026-20936Windows NDIS Information Disclosure Vulnerability
CVE-2026-20937Windows File Explorer Information Disclosure Vulnerability
CVE-2026-20939Windows File Explorer Information Disclosure Vulnerability
CVE-2026-20958Microsoft SharePoint Information Disclosure Vulnerability
CVE-2026-20962Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability

Remote Code Execution Vulnerabilities

CVECVE Title
CVE-2026-0386Windows Deployment Services Remote Code Execution Vulnerability
CVE-2026-20837Windows Media Remote Code Execution Vulnerability
CVE-2026-20840Windows NTFS Remote Code Execution Vulnerability
CVE-2026-20854Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
CVE-2026-20856Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
CVE-2026-20868Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2026-20922Windows NTFS Remote Code Execution Vulnerability
CVE-2026-20943Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-20944Microsoft Word Remote Code Execution Vulnerability
CVE-2026-20946Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20947Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-20948Microsoft Word Remote Code Execution Vulnerability
CVE-2026-20950Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20951Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-20952Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20953Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20955Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20956Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20957Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20960Microsoft Power Apps Remote Code Execution Vulnerability
CVE-2026-20963Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2026-21219Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
CVE-2026-21226Azure Core shared client library for Python Remote Code Execution Vulnerability

Security Feature Bypass Vulnerabilities

CVECVE Title
CVE-2026-20824Windows Remote Assistance Security Feature Bypass Vulnerability
CVE-2026-20949Microsoft Excel Security Feature Bypass Vulnerability
CVE-2026-21265Secure Boot Certificate Expiration Security Feature Bypass Vulnerability

Spoofing Vulnerabilities

CVECVE Title
CVE-2026-20834Windows Spoofing Vulnerability
CVE-2026-20847Microsoft Windows File Explorer Spoofing Vulnerability
CVE-2026-20872NTLM Hash Disclosure Spoofing Vulnerability
CVE-2026-20925NTLM Hash Disclosure Spoofing Vulnerability
CVE-2026-20959Microsoft SharePoint Server Spoofing Vulnerability

 

Tampering Vulnerabilities

CVECVE Title
CVE-2026-20804Windows Hello Tampering Vulnerability
CVE-2026-20812LDAP Tampering Vulnerability
CVE-2026-20852Windows Hello Tampering Vulnerability

 

 

 

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.

Related Articles

  • Nested Deserialization to RCE in Adobe Commerce & Magento (CVE-2025-54236)
    Read More
  • Command Injection in HuangDou UTCMS (CVE-2024-9916) Enables RCE
    Read More