Microsoft has released security updates addressing 112 vulnerabilities in January, marking a substantial reduction compared to the same period last year when 165 issues were identified. This month's patch round also includes three non-Microsoft vulnerabilities linked to Microsoft services.
The majority of the vulnerabilities are considered less likely or unlikely to be exploited, though eight have been flagged as more likely, each with a severity score of 7.8 out of 10. Two critical flaws, both rated at 8.8, involve remote code execution risks through specific Microsoft services.
These vulnerabilities range from potential exploits in the Routing and Remote Access Service (RRAS) to SharePoint Server access via Site Member permissions. While high-severity scores indicate significant risks, they do not guarantee immediate exploitation. Context matters—some may require niche conditions or local access to be viable threats.
This update comes as a notable improvement over January 2025, when Microsoft mitigated a critical flaw with a CVSS score of 9.9 before its public release. That vulnerability could have allowed attackers to bypass authentication in the Azure AI Face service, potentially elevating network privileges.
Security updates are an ongoing necessity, especially as operating systems like Windows 10 transition out of mainstream support. Users relying on unsupported versions risk exposure to vulnerabilities without patches unless they opt for extended security updates. Regular updates remain the best defense against evolving threats.
