Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today’s menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities.
So far this month, Microsoft has already provided patches to address one browser vulnerability and around a dozen vulnerabilities in open source products, which are not included in the Patch Tuesday count above.
Read more…
Source: Rapid7
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Researchers found three flaws in ACT e-voting system that could affect election outcomes
May 12, 2021
The Australian Capital Territory Standing Committee on Justice and Community Safety has been looking into the 2020 ACT Election and the Electoral Act, covering among other things, systems for electronic voting. The COVID-19 Emergency Response Legislation Amendment Act 2020 introduced temporary amendments to the Electoral Act for the October 2020 election. These included the deployment of ...
- Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine
May 11, 2021
A computer science professor from Sweden has discovered an arbitrary code execution vuln in the Universal Turing Machine, one of the earliest computer designs in history – though he admits it has “no real-world implications”. In a paper published on academic repository ArXiv, Pontus Johnson, a professor at the KTH Royal Institute of Technology in Stockholm, ...
- Wormable Windows Bug Opens Door to DoS, RCE
May 11, 2021
Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good news is that none of the vulnerabilities are being actively exploited ...
- Lemon Duck hacking group adopts Microsoft Exchange Server vulnerabilities in new attacks
May 10, 2021
Researchers have explored the latest activities of the Lemon Duck hacking group, including the leverage of Microsoft Exchange Server vulnerabilities and the use of decoy top-level domains. The active exploit of zero-day Microsoft Exchange Server vulnerabilities in the wild was a security disaster for thousands of organizations. Four critical flaws, dubbed ProxyLogon, impact on-prem Microsoft Exchange Server ...
- NAME:WRECK DNS Bugs: What You Need to Know
May 9, 2021
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That’s because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name. The ...
- Qualcomm chip vulnerability found in millions of Google, Samsung, and LG phones
May 8, 2021
Millions of phones across the globe were affected by a vulnerability found within a ubiquitous Qualcomm chipset, according to researchers with Israeli cybersecurity firm Checkpoint. Check Point’s Slava Makkaveev published a blog post on Thursday highlighting a security flaw in Qualcomm’s Mobile Station Modem Interface “that can be used to control the modem and dynamically patch ...