Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: MICROSOFT PATCH TUESDAY JANUARY 2026 PATCHES 113 VULNERABILITIES (8 CRITICAL, 105 IMPORTANT), PATCH IMMEDIATELY!!
Image
Published : 14/01/2026
* Last update: 14/01/2026
* Affected products:
→ Multiple Microsoft Products* Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.
* CVE/CVSS:
Microsoft patched 113 vulnerabilities in its January 2026 Patch Tuesday release, 8 rated as critical, 105 rated important and 0 as moderate. Including 2 0- day vulnerabilities and 1 vulnerability that is actively exploited.
Number of CVE by type:
- 22 Remote Code Execution vulnerabilities
- 56 Elevation of Privilege vulnerabilities
- 22 Information Disclosure vulnerabilities
- 5 Spoofing vulnerability
- 2 Denial of Service vulnerabilities
- 3 Security Feature Bypass vulnerabilities
- 3 Tampering
Sources
Microsoft - https://.msrc.microsoft.com/update-guide/releaseNote/2026-Jan
Risks
Microsoft’s January 2026 Patch Tuesday includes 113 vulnerabilities (8 critical, 105 important and 0 moderate) for a wide range of Microsoft products, impacting Microsoft Server and Workstations.
This Patch Tuesday includes 1 actively exploited vulnerability and 2 0-Days. Some other vulnerabilities are also more likely to be exploited soon, therefore urgent patching is advised.
Description
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.
The CCB would like to point your attention to following vulnerabilities:
CVE-2026-20805: Desktop Window Manager (Actively exploited)
Information Disclosure Vulnerability.
This CVE is impacting Desktop Window Manager. Successful exploitation of this vulnerability could allow an authenticated attacker to disclose sensitive data locally. According to Microsoft, this vulnerability is actively exploited in attacks in the wild as a zero-day.
CISA has acknowledged active exploitation of this vulnerability by adding it to its catalogue of known exploited vulnerabilities. CISA urges users to address this vulnerability before February 3, 2026.
CVE-2026-21265: Windows Secure Boot
Security Feature Bypass Vulnerability.
It is a secure boot certificate expiration security feature bypass vulnerability, with a CVSSv3 score of 6.4 and rated as important. It is assessed as “Exploitation Less Likely.”
Successful exploitation requires high attack complexity and could allow an attacker to bypass Secure Boot protections.
Microsoft warns that Windows Secure Boot certificates issued in 2011 are coming to expiration and that systems that are not updated are at a higher risk of Secure Boot being bypassed by malicious actors.
CVE-2026-20952 and CVE-2026-20953: Microsoft Office
Remote Code Execution Vulnerability.
CVE-2026-20952 and CVE-2026-20953 are critical remote code execution vulnerabilities affecting Microsoft Office, both with a CVSS score of 8.4.
These vulnerabilities could allow an unauthenticated attacker to execute arbitrary code by exploiting use-after-free conditions in Microsoft Office components. A attacker could exploit these vulnerabilities through a social engineering attack by sending specially crafted malicious emails or links to the target users.
CVE-2026-20840 and CVE-2026-20922: Windows New Technology File System
Remote Code Execution Vulnerability.
These CVEs are remote code execution vulnerabilities affecting Windows NTFS. Both have a CVSSv3 scores of 7.8 and are rated as important. Microsoft has assessed both vulnerabilities as likely to be exploited.
According to Microsoft, both vulnerabilities result from heap-based buffer overflows that could allow an authenticated attacker to achieve remote code execution on an affected system.
CVE-2026-20854: Windows Local Security Authority Subsystem Service (LSASS)
Remote Code Execution Vulnerability.
CVE-2026-20854 is a critical remote code execution vulnerability in Windows LSASS, with a CVSSv3 score of 7.5.
The vulnerability arises from a use-after-free condition that can be triggered over the network by an authenticated attacker. Given that LSASS service is responsible for authentication and security policy enforcement, successful exploitation could allow an attacker to execute code with severe consequences, including complete system compromise.
CVE-2026-20876: Windows Virtualization-Based Security (VBS) Enclave
Elevation of Privilege Vulnerability (EoP).
CVE-2026-20876 is a critical EoP vulnerability in Windows VBS Enclave. This CVE is assigned with a CVSS score of 6.7 and rated as critical.
This vulnerability is caused by a heap-based buffer overflow that could allow an authenticated attacker with elevated privileges to elevate their access locally. Successful exploitation could grant Virtual Trust Level 2 (VTL2) privileges, compromising fundamental Windows security protections designed to isolate and defend sensitive system operations.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
The Register - https://www.theregister.com/2026/01/14/patch_tuesday_january_2026/
The Hacker News - https://thehackernews.com/2026/01/microsoft-fixes-114-windows-flaws-in.html
Qualys - https://blog.qualys.com/vulnerabilities-threat-research/2026/01/13/microsoft-patch-tuesday-january-2026-security-update-review
Tenable - https://www.tenable.com/blog/microsofts-january-2026-patch-tuesday-addresses-113-cves-cve-2026-20805