The January 2026 Security Update Review

**Adobe and Microsoft January 2026 patch summary:** Adobe released 11 bulletins fixing 25 CVEs across Creative Cloud and ColdFusion (mostly Priority 3; ColdFusion is Priority 1) with several Critical fixes but no known active exploitation; Microsoft issued updates covering 112 (114 with Chromium) CVEs across Windows, Office, Azure and other components, including eight Critical flaws and one Desktop Window Manager information-disclosure vulnerability (CVE-2026-20805) reported as under active attack, plus multiple publicly known issues that administrators should prioritize for patching.