January Patch Tuesday: Microsoft Issues Critical Updates Amid Exploits
On January 14, 2026, Microsoft released its January Patch Tuesday updates, addressing a substantial 114 Common Vulnerabilities and Exposures (CVEs). Among these, three zero-day vulnerabilities drew significant attention, particularly CVE-2026-20805, which affects the Desktop Window Manager and is confirmed to be actively exploited in the wild. Users are urged to apply these patches immediately to mitigate potential attacks.
In addition to Microsoft's updates, a severe vulnerability in MongoDB, identified as CVE-2025-14847, was disclosed today. Dubbed "MongoBleed," this vulnerability allows unauthorized access to sensitive data and has a CVSS score of 8.7, highlighting its severity. Organizations using affected versions should take urgent action to secure their databases.
The day also saw a report of a supply chain cyberattack impacting Belgian hospitals, particularly AZ Monica, forcing a shutdown of systems linked to a compromised software vendor. This incident underscores the persistent risks facing healthcare operations and patient data security.
Moreover, ransomware attacks continue to plague various sectors, with Luxshare Precision Industry Co. Ltd. being notably affected. The attackers not only stole internal data but also used encryption for double extortion, emphasizing the growing complexity and threat of ransomware incidents.
Overall, today's events reflect a troubling trend in cybersecurity resilience, where both high-profile companies and public institutions struggle against sophisticated attack vectors. It is crucial for security professionals to remain vigilant and proactive in patching vulnerabilities and enhancing overall security postures.