On January 13, Microsoft released its January 2026 security update, addressing 112 newly disclosed vulnerabilities. Arctic Wolf has highlighted four vulnerabilities affecting Microsoft Windows and Office in this bulletin due to their potential risk.
Vulnerabilities
| Vulnerability | CVSS | Description | Exploited? |
| CVE-2026-20952 | 8.4 | Microsoft Office Remote Code Execution – A use-after-free vulnerability in Microsoft Office allows unauthorized threat actors to execute code locally. Exploitation requires a victim to open a malicious file or log on to the system. Although the threat actor is remote, the exploitation and code execution occur on the victim’s local system. | No |
| CVE-2026-20953 | 8.4 | Microsoft Office Remote Code Execution – A use-after-free vulnerability in Microsoft Office allows unauthorized threat actors to execute code locally. Exploitation requires a victim to open a malicious file or log on to the system. Although the threat actor is remote, the exploitation and code execution occur on the victim’s local system. | No |
| CVE-2026-20944 | 8.4 | Microsoft Word Remote Code Execution – A remote threat actor can exploit an out-of-bounds read vulnerability in Microsoft Office Word to execute code locally by sending a malicious file and convincing a victim to open it. Although the threat actor is remote, the exploitation and code execution occur on the victim’s local system. | No |
| CVE-2026-20805 | 5.5 | Desktop Window Manager Information Disclosure Vulnerability – A vulnerability in Desktop Window Manager could allow an authorized threat actor to disclose sensitive information locally to an unauthorized actor. The information exposed may include a section address from a remote Advanced Local Procedure Call (ALPC) port in user‑mode memory, which could aid further exploitation. At this time, exploitation details have not been publicly disclosed. | Yes |
Recommendation
Upgrade to Latest Fixed Versions
Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.
| Affected Product | Vulnerability | Update Article |
| Windows Server 2025 | CVE-2026-20805 | 5074109 |
| Windows Server 2022, 23H2 Edition | CVE-2026-20805 | 5073450 |
| Windows Server 2022 | CVE-2026-20805 | 5073457 |
| Windows Server 2019 | CVE-2026-20805 | 5073723 |
| Windows Server 2016 | CVE-2026-20805 | 5073722 |
| Windows Server 2012 R2 | CVE-2026-20805 | 5073696 |
| Windows Server 2012 | CVE-2026-20805 | 5073698 |
| Windows 11 Version 25H2 for x64-based, and ARM64-based Systems | CVE-2026-20805 | 5074109 |
| Windows 11 Version 24H2 for x64-based, and ARM64-based Systems | CVE-2026-20805 | 5074109 |
| Windows 11 Version 23H2 for x64-based, and ARM64-based Systems | CVE-2026-20805 | 5073455 |
| Windows 10 Version 22H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2026-20805 | 5073724 |
| Windows 10 Version 21H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2026-20805 | 5073724 |
| Windows 10 Version 1809 for 32-bit, x64-based Systems | CVE-2026-20805 | 5073723 |
| Windows 10 Version 1607 for 32-bit, x64-based Systems | CVE-2026-20805 | 5073722 |
| Microsoft Office LTSC for Mac 2021 and 2024 | CVE-2026-20952, CVE-2026-20953, CVE-2026-20944 | Release Notes |
| Microsoft Office LTSC 2024 for 32-bit and 64-bit editions | CVE-2026-20952, CVE-2026-20953 | Click to Run |
| Microsoft Office LTSC 2021 for 32-bit and 64-bit editions | CVE-2026-20952, CVE-2026-20953 | Click to Run |
| Microsoft Office 2019 for 32-bit and 64-bit editions | CVE-2026-20952, CVE-2026-20953 | Click to Run |
| Microsoft Office 2016 for 32-bit and 64-bit editions | CVE-2026-20952, CVE-2026-20953 | 5002826 |
| Microsoft 365 Apps for Enterprise for 32-bit and 64-bit Systems | CVE-2026-20952, CVE-2026-20953, CVE-2026-20944 | Click to Run |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
References
