Microsoft released its January 2026 security update, addressing 112 newly disclosed vulnerabilities. Arctic Wolf has highlighted four vulnerabilities affecting Microsoft Windows and Office in this bulletin.

ArcticWolf's platform is a central hub for cybersecurity professionals, offering insights into managed detection and response (MDR), threat intelligence, and security operations. Through articles, reports, and webinars, ArcticWolf offers insights into detecting and responding to cybersecurity threats effectively. Security analysts can learn about threat hunting, incident response strategies, and security best practices to protect organizations from cyberattacks.

Arctic Wolf

Microsoft's January 2026 Patch Tuesday addresses 112 vulnerabilities, with four critical issues highlighted: three remote code execution vulnerabilities in Microsoft Office and Word (CVE-2026-20953, CVE-2026-20944, CVE-2026-20805) involving use-after-free and out-of-bounds read flaws requiring victim interaction, and one Desktop Window Manager information disclosure vulnerability that could expose sensitive memory addresses. Organizations should upgrade to the latest fixed versions following their standard patching procedures.

Microsoft Patch Tuesday: January 2026