Table of Contents
- What critical security fixes did Microsoft release in the January 2026 Patch Tuesday?
- Critical Security Analysis: Why You Must Update
- The Three Zero-Day Vulnerabilities
- Summary of Patch Tuesday Fixes
- How to Install the Update
- Windows Server 2025 and 2023 Specifics
- New Features in Windows 11 (25H2 and 24H2)
- Advanced Settings Page
- Start Menu Evolution
- File Explorer Refinements
- Handheld Gaming Optimizations
- A Note for Windows 10 Users
- Known Issues
- Remote Desktop Protocol (RDP)
What critical security fixes did Microsoft release in the January 2026 Patch Tuesday?
As your advisor on operating system maintenance, I recommend you prioritize the January 2026 Patch Tuesday update. This rollout covers Windows 11 versions 25H2, 24H2, and 23H2, alongside significant patches for Windows Server. While consumer-facing features are minimal this month, the update addresses 114 security vulnerabilities. Three of these are zero-day exploits, making immediate installation a prudent choice for your digital safety.
Critical Security Analysis: Why You Must Update
This month’s patch focuses heavily on “Your Money or Your Life” (YMYL) data protection. Microsoft has patched 114 unique vulnerabilities. Neglecting this update leaves your system exposed to specific high-risk threats.
The Three Zero-Day Vulnerabilities
These are flaws that attackers were already aware of or utilizing before Microsoft released the fix.
- CVE-2026-20805 (Information Disclosure): This flaw affects the Desktop Window Manager. Hackers exploited this to leak memory addresses through a remote port, which helps them bypass other security layers.
- CVE-2026-21265 (Security Feature Bypass): This issue involves expiring Secure Boot certificates from 2011. If you leave this unpatched, an attacker could bypass Secure Boot protections, potentially loading malicious software during startup.
- CVE-2023-31096 (Elevation of Privilege): This vulnerability existed in older Agere Soft Modem drivers (agrsm64.sys). Attackers used these drivers to gain administrative rights. Microsoft has resolved this by removing the drivers entirely.
Summary of Patch Tuesday Fixes
- Critical Risks: 8 flaws allow Remote Code Execution (RCE), meaning an attacker could control your PC wirelessly.
- Elevation of Privilege: 57 bugs allowed standard users to gain admin control.
- Spoofing & Information Disclosure: 27 combined bugs allowed identity theft or data leakage.
How to Install the Update
For most users, the standard procedure is sufficient. Navigate to Settings > Windows Update and select “Check for updates.”
If the automatic download fails, you should use the Microsoft Update Catalog. Search for the specific KB number listed in the table above (e.g., KB5074109 for Windows 11) to download the offline installer.
Windows Server 2025 and 2023 Specifics
System administrators should note a divergence in update strategy. Windows Server 2025 now uses a unique identifier (KB5073379) that differs from the Windows 11 consumer client. This separation improves clarity for management processes.
Key Server Changes:
- Driver Removal: Obsolete Motorola modem drivers (smserial.sys) are now removed to prevent privilege escalation attacks.
- Hotpatch Fix: A bug preventing Hotpatch updates after installing out-of-band updates is resolved.
- Component Security: The WinSqlite3.dll component, used by many third-party apps, received essential security hardening.
New Features in Windows 11 (25H2 and 24H2)
While security is the primary driver this month, users on the latest builds (KB5074109) will notice several functional improvements.
Advanced Settings Page
Microsoft has renamed the “For Developers” page to Advanced Settings. You can find this under Settings > System. It now hosts features for power users, such as:
- GitHub Integration: View commit history and branches directly within File Explorer.
- Hyper-V Controls: Toggle Windows Sandbox and virtualization features more easily.
Start Menu Evolution
The Start menu now features a “Category” view as the default for the All Apps list. This creates a cleaner, single-page interface. However, this layout is vertically taller than the previous grid design, consuming more screen real estate. You may switch back to the standard grid if you prefer density over categorization.
File Explorer Refinements
Dark Mode Consistency: Dark mode now correctly applies to file transfer dialogs and “delete confirmation” pop-ups.
Drag Tray Updates: Dragging a file to the top of the screen now supports multi-file sharing with more relevant app suggestions.
Handheld Gaming Optimizations
The “Full Screen Experience” is no longer exclusive to ASUS ROG hardware. Devices like the Legion Go 2 now support this feature, which optimizes background resource usage for better gaming performance.
A Note for Windows 10 Users
Mainstream support for Windows 10 ended in late 2025. You will only receive the January update (Build 19045.6809) if you are enrolled in the Extended Security Updates (ESU) program. This update mirrors the driver removals and Secure Boot fixes found in the newer operating systems.
Known Issues
My analysis of early user reports and Microsoft documentation identifies one specific conflict.
Remote Desktop Protocol (RDP)
Users connecting via the Windows App to Azure Virtual Desktop or Windows 365 may experience connection failures. Microsoft is currently engineering a resolution for this conflict.
I advise you to apply these updates promptly to ensure your system remains resilient against the identified zero-day threats.