Monthly Patch
January 2026 Monthly Patch
15 January 2026
Microsoft has released security patches to address multiple vulnerabilities in their software and products.
Microsoft has released security patches to address multiple vulnerabilities in their software and products.
The vulnerabilities that have been classified as Critical in severity are listed in the table below.
For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2026-Jan
Critical Vulnerabilities
CVE Number | CVE Name | Base Score | Reference |
|---|---|---|---|
CVE-2026-20944 | Microsoft Word Remote Code Execution Vulnerability | 8.4 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-20944 |
CVE-2026-20953 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-20953 |
CVE-2026-20952 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-20952 |
CVE-2026-20822 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-20822 |
CVE-2026-20957 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-20957 |
CVE-2026-20955 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-20955 |
CVE-2026-20854 | Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | 7.5 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-20854 |
CVE-2026-20876 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | 6.7 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-20876 |