The first major security test of 2026 has arrived for IT administrators and home users alike. Microsoft has officially kicked off the new year with a massive Patch Tuesday rollout that addresses over 110 security vulnerabilities across its ecosystem. This extensive update covers Windows, Microsoft Office, Edge, and Azure services. The most pressing concern in this release is the confirmation of a zero day vulnerability that is currently being exploited in the wild.
Security experts are urging users to update their systems immediately to close these dangerous gaps. The January release is particularly significant as it marks one of the first major maintenance cycles following the general support end of Windows 10 last October. With critical fixes on the line, delaying this update could leave systems exposed to active threats.
Critical Vulnerabilities and Active Exploits
The headline of this month’s security bulletin is undoubtedly the sheer volume and severity of the bugs being squashed. Microsoft has patched approximately 114 security holes in this release. Out of these, eight are rated as Critical. These are the types of flaws that allow attackers to run malicious code on your computer without you ever clicking a link or opening a file.
The most alarming aspect of this update is the presence of an active zero day exploit.
A zero day exploit means hackers found the flaw before Microsoft developers knew about it or could fix it. While Microsoft has not released specific details on the nature of the attack to prevent copycat hackers, they have confirmed that bad actors are using it right now. This elevates the urgency of the January update from routine maintenance to a critical defense measure.
The security patches cover a wide ground:
- Remote Code Execution (RCE) flaws
- Privilege Escalation issues
- Spoofing vulnerabilities
- Information Disclosure gaps
System administrators should prioritize patching public facing servers and workstations that are frequently connected to the open internet. The speed at which these vulnerabilities are weaponized has increased drastically over the last few years.
windows 11 security update screen on laptop dark room
Windows 11 Receives Major Stability Overhaul
For the vast majority of consumers, the focus is on Windows 11. This operating system has now matured into versions 24H2 and the newer 25H2. These are the primary consumer releases currently receiving full support. The update package for these versions is labeled KB5074109.
This update does more than just patch security holes. It brings much needed stability improvements to the operating system. Users have reported various reliability jitters in recent months, and this cumulative update aims to smooth out those rough edges.
One key technical change involves the servicing of Secure Boot. Microsoft is adjusting how virtualization based security interacts with the boot process. This is a behind the scenes change, but it is vital for maintaining the integrity of the system against rootkits and boot level malware.
Enterprise users on Windows 11 version 23H2 are in a different boat.
Since this version has moved to enterprise servicing channels, the update (KB5073455) focuses strictly on security and quality fixes without adding new consumer features. It also includes changes to Secure Boot certificates. However, IT managers need to be aware that this specific update has introduced a frustrating bug regarding power management, which we will detail later in this report.
The New Reality for Windows 10 Users
We are now deep into the post support era for Windows 10. General support for the aging operating system ended in October 2025. This means millions of PCs are no longer receiving updates unless they are enrolled in the Extended Security Updates (ESU) program.
For those who have paid for the subscription, the January update is available as KB5073724.
This update is strictly business. It contains no new features, no cosmetic tweaks, and no speed boosts. It is a security only package designed to keep these legacy systems safe from modern threats. An interesting note in this release is the removal of outdated modem drivers. Microsoft is actively cleaning house, removing legacy code that could serve as an entry point for attackers.
If you are running Windows 10 and are not enrolled in the ESU program, your system will not receive these fixes. You are now running an operating system that is vulnerable to the 110+ bugs disclosed today. The recommendation from security professionals is unanimous. Upgrade to Windows 11 or disconnect that machine from the internet.
Known Issues and Workarounds
Software updates often come with side effects, and the January 2026 rollout is no exception. Two significant issues have surfaced that are causing headaches for users and administrators.
The Shutdown Bug
The most disruptive issue affects Windows 11 version 23H2, particularly on Enterprise and Education devices. After installing the update, systems with “Secure Launch” enabled are refusing to shut down or sleep. Instead of powering off, the device simply restarts. This can be a nightmare for laptop users trying to conserve battery or offices trying to save power overnight.
Microsoft does not have a permanent fix for the sleep mode issue yet. However, there is a workaround to force a shutdown using the Command Prompt.
How to force shutdown:
- Open the Start menu and type “cmd”.
- Run Command Prompt.
- Type the following command and hit Enter:
shutdown /s /t 0
Remote Desktop Authentication Failures
The second major issue hits the corporate sector. Users relying on Azure Virtual Desktop, Windows 365, or the new Windows App are reporting credential prompt failures. Essentially, the system fails to ask for a password correctly, preventing users from logging in to their remote work computers.
This appears to be a bug within the new Windows App architecture. The classic Remote Desktop client seems to be immune to this glitch. If you are locked out of your cloud PC, try switching to the web based RDP client or the legacy desktop application until Microsoft ships a correction.
Office and Server Security Sweeps
It is not just the operating system getting patched. Microsoft has also released a wave of updates for its productivity suite and server infrastructure. This includes fixes for Excel 2016, Word 2016, and various iterations of SharePoint Server.
Key Office Updates:
- Excel 2016: KB5002831
- Word 2016: KB5002829
- SharePoint Server 2019: KB5002825
Server administrators running Windows Server 2023 and the new Windows Server 2025 should look for KB5073450 and KB5073379 respectively. While no critical vulnerabilities were publicly disclosed specifically for the server products this month, the updates contain important preventative measures that should not be ignored.
To install these updates, home users can simply head to Settings > Windows Update and select Check for updates. Given the size of the patch and the critical nature of the zero day fix, a restart will be required. As always, ensure you have a backup of your important files before letting the update installation begin.
The January 2026 update sets a serious tone for the year. The threats are real, the exploits are active, and the window for patching your systems is closing fast.
