January 2026 Patch Tuesday: 114 CVEs Patched Including 3 Zero-Days

This CrowdStrike Patch Tuesday bulletin details multiple Microsoft vulnerabilities—most notably an actively exploited Desktop Window Manager information-disclosure zero-day (CVE-2026-20805)—alongside several critical remote code execution and privilege-escalation flaws in Microsoft Office, Windows Graphics, LSASS, Secure Boot and other components; it provides CVSS scores, exploitation impact and required attacker conditions, and directs readers to patches, mitigations and the Falcon platform dashboards for prioritization.