Microsoft has released its monthly security update for January 2026, addressing 114 vulnerabilities across its products, including three zero-day flaws, one of which has already been exploited in real-world attacks. According to Microsoft, the update fixes eight critical vulnerabilities, comprising six remote code execution (RCE) flaws and two elevation of privilege issues. The flaw was discovered by the Microsoft Threat Intelligence Centre (MSTIC) and the Microsoft Security Response Centre (MSRC). If left unpatched, attackers could exploit this weakness to bypass Secure Boot protections and run untrusted code during the system boot process. The latest update renews and replaces the affected certificates to maintain Secure Boot security, following an earlier advisory issued in June.

Source: Bangkok Post January 19, 2026 12:38 UTC