Microsoft Kicks Off 2026 With 112 Security Patches, Including Active Zero-Day Attack

Microsoft's January update fixes 112 flaws, including zero-day exploits in Desktop Window Manager and critical NTFS buffer overflow bugs.

By Content Team

Jan 14, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Microsoft released its largest January security update ever, fixing 112 vulnerabilities—nearly double December's count. The standout concern is CVE-2026-20805, a zero-day flaw in Desktop Window Manager that hackers are already exploiting to steal memory information and potentially escalate attacks.

Eight vulnerabilities are flagged as likely exploitation targets, including two critical Windows NTFS buffer overflow bugs that could allow remote code execution. Security experts warn these third-party-reported flaws may soon become public, creating urgency for patches.

Two Microsoft Office vulnerabilities stand out for enabling code execution through the Preview Pane without user interaction—meaning simply viewing a file could trigger an attack.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Hackers Exploit Critical Quest KACE Flaw to Take Over Management Systems

Mar 21, 2026

Microsoft Patches Actively Exploited Office Zero-Day Vulnerability

Jan 27, 2026

Massive Healthcare Cyberattack Paralyzes Medical Billing Across America

Mar 6, 2026

Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks

Jan 2, 2026