HomeMicrosoft Patch Tuesday › January 2026

Please link to this page, it changes often. Thank you! The Senserva Team.

Microsoft Patch Tuesday, January 2026

·

Microsoft's January 2026 security release, published January 13, 2026: 27 updates fixing 109 CVEs, ranked by confirmed exploitation, ransomware use, and severity. Provided by Senserva.

Still active now. 1 CVE from this release is on the Senserva hot list today (as of 2026-07-12), still ranked among the most dangerous vulnerabilities right now by confirmed exploitation, ransomware use, EPSS, and severity. See the current hot list.
27
Updates (KBs)
109
CVEs fixed
3
Actively exploited
11
Critical updates

Actively exploited CVEs (CISA KEV)

CVE-2026-20963Microsoft SharePoint Remote Code Execution VulnerabilityCVSS 9.8Exploited
CVE-2026-21509Microsoft Office Security Feature Bypass VulnerabilityCVSS 7.8Exploited
CVE-2026-20805Desktop Window Manager Information Disclosure VulnerabilityCVSS 5.5Exploited Hot now

Other high-risk CVEs (CVSS 8.8+)

CVE-2025-6965Integer Truncation on SQLiteCVSS 9.8
CVE-2026-20868Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityCVSS 8.8
CVE-2026-20947Microsoft SharePoint Server Remote Code Execution VulnerabilityCVSS 8.8

Products fixed this month

Windows 10 Version 1809 for 32-bit Systems (10)Windows 11 Version 25H2 for x64-based Systems (7)Windows 11 Version 25H2 for ARM64-based Systems (7)Windows Server 2019 (7)Microsoft SharePoint Server 2019 (7)Microsoft Office 2019 for 32-bit editions (4)Microsoft Office 2016 (32-bit edition) (4)Microsoft Office 2016 (64-bit edition) (4)Windows Server 2019 (Server Core installation) (4)Windows Server 2022 (4)
Take this release to your AI

Composed from the January 2026 release data above. Copy it into Claude, ChatGPT, or Copilot. Free, no sign-in.

Reference: Microsoft CVE and vulnerability management, ranked by real-world risk, and the Microsoft patching guide.
Data notice: this page is provided as is, for informational purposes only, without warranty of any kind. Senserva, LLC does not guarantee the accuracy, completeness, or timeliness of third-party data (MSRC, NVD, CISA KEV, EPSS) and accepts no liability for actions taken based on it; verify against the authoritative Microsoft advisory before acting. Built daily with Senserva Trustworthy AI. All use of this data is subject to the Senserva EULA.