Today is Microsoft' 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.

Microsoft’s January 2026 Patch Tuesday fixes 112 CVEs, including an exploited Windows DWM zero-day, plus critical flaws across SharePoint, Office, and Windows services.

Microsoft has patched three zero-day vulnerabilities in the first patch Tuesday of 2026, including one under active exploitation

Among them is a zero-day vulnerability in Desktop Window Manager (DWM) designated as CVE-2026-20805 (CVSS score: 5.5), which attackers are already exploiting to leak memory address information that could weaken system protections and enable follow-on attacks.

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some ...

Eight critical vulnerabilities and an actively exploited zero day highlight Microsoft’s first Patch Tuesday announcements for 2026. Most of the higher scoring vulnerabilities impact Office products, with two holes in SharePoint scoring an 8.8 on the CVSS scale.

Microsoft concluded 2025 with a massive security update that cybersecurity teams cannot ignore. Released yesterday (Dec. 9) as cumulative update KB5072033, this security patch addresses 57 vulnerabilities across Windows systems and Office applications ...

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed ...