© All rights reserved. Powered by Techronicler 

News & Trends

January 2026 Patch Tuesday

The Techronicler Community by The Techronicler Community
5048 2 min 0

– Written by Tyler Reguly, Associate Director, Security R&D at Fortra

For January’s Patch Tuesday, CISOs should be paying a lot of attention to CVE-2026-21265 and the guidance associated with it. More specifically, they should be looking at the Windows Secure Boot certificate expiration and CA Updates that Microsoft published June 26, 2025. When the Secure Boot certificates expire in June of this year, organizations that haven’t prepared will not only find Secure Boot no longer operational, but they may also find that Windows boot manager and Secure Boot vulnerabilities have become an issue. 

It is important to note that the document is not a single page, but contains a multitude of links – including an entire deployment playbook for IT professionals. With less than half a year to prepare, it is time to ensure that environments and teams are prepared for this update.

One of the more interesting updates for this month’s Patch Tuesday is the Windows Agere Soft Modem Driver elevation of privilege (CVE-2023-31096). It is not often that you see a CVE from 3 years ago show up, but Microsoft is finally cleaning up a problem that has been around for a while. This driver ships with Microsoft Windows, but according to a post about this vulnerability, the driver has been EOL since 2016. The solution to this vulnerability is simply to remove the impacted drivers, agrsm64.sys and agrsm.sys, from systems.

If you’re a fan of statistics, here’s one for you. Microsoft moved away from the security bulletin system in February of 2017 and ushered in the new era of security guidance. Last year, January 2025, saw the largest January Patch Tuesday under this new system with 162 CVEs. This year, we see the third largest January Patch Tuesday with 115 CVEs. For those wondering, 2022 had the second largest January Patch Tuesday with 127 CVEs. 

This is also only the third time that we’ve seen more than 100 CVEs under the security guidance system. We’re sitting above the average 89 CVEs that we’ve seen over the 9 January Patch Tuesdays that we’ve had under the new system.

About the Author

Tyler Reguly is Associate Director, Security R&D at Fortra, responsible for overseeing a team of researchers that provide the security expertise for the company’s integrity and compliance monitoring solution. Tyler joined Fortra in 2022 when the company acquired Tripwire, where Tyler had been a part of the research team for more than fifteen years.

In addition to security research, Tyler has worked closely with Fanshawe College, from which he graduated with a diploma in Computer Systems Technology, developing five courses including subjects like Advanced Hacker Techniques & Tactics, Hacking and Exploits, Malware Research, Evolving Technologies and Threats, and Python Programming. He has also taught all five courses that he developed on multiple occasions.

 

If you wish to showcase your experience and expertise, participate in industry-leading discussions, and add visibility and impact to your personal brand and business, get in touch with the Techronicler team to feature in our fast-growing publication. 

Individual Contributors:

Answer our latest queries and submit your unique insights:
https://bit.ly/SubmitBrandWorxInsight

Submit your article:
https://bit.ly/SubmitBrandWorxArticle

PR Representatives:

Answer the latest queries and submit insights for your client:
https://bit.ly/BrandWorxInsightSubmissions

Submit an article for your client:
https://bit.ly/BrandWorxArticleSubmissions

Please direct any additional questions to: connect@brandworx.digital

Leave a comment

You may also like