Fortra's January 2026 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.
Up first on the list are patches for Microsoft Edge (Chromium-based) that resolves an insufficient policy enforcement vulnerability.
Next on the list are patches for Microsoft Office, Word, and Excel. These patches resolve 11 issues including elevation of privilege, security feature bypass, and remote code execution vulnerabilities.
Up next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities, including elevation of privilege, tampering, security feature bypass, information disclosure, and remote code execution vulnerabilities. These vulnerabilities affect Kernel, RRAS, LSASS, Virtualization-based Security, Win32k, File Explorer, Inbox COM, Management Services, NTFS, and various others.
Lastly, administrators should focus on server-side patches for SMB, LDAP, Hyper-V, SharePoint, Exchange, WSUS and SQL Server. These patches resolve 15 issues including remote code execution, elevation of privilege, tampering, denial of service, information disclosure, and spoofing vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Microsoft Edge (Chromium-based) | CVE-2026-0628 |
| Microsoft Office Word | CVE-2026-20948, CVE-2026-20944 |
| Microsoft Office | CVE-2026-20943, CVE-2026-20952, CVE-2026-20953 |
| Microsoft Office Excel | CVE-2026-20950, CVE-2026-20946, CVE-2026-20956, CVE-2026-20957, CVE-2026-20955, CVE-2026-20949 |
| Windows I | CVE-2026-20823, CVE-2026-20939, CVE-2026-20937, CVE-2026-20932, CVE-2026-20816, CVE-2026-0386, CVE-2026-20931, CVE-2026-20817, CVE-2026-20864, CVE-2026-20920, CVE-2026-20811, CVE-2026-20863, CVE-2026-20870, CVE-2026-20837, CVE-2026-20808, CVE-2026-20869, CVE-2026-20852, CVE-2026-20804, CVE-2026-20820, CVE-2026-20822, CVE-2026-21265, CVE-2026-20849, CVE-2026-20833, CVE-2026-20829, CVE-2026-20836, CVE-2026-20814, CVE-2026-20857, CVE-2026-20940, CVE-2026-20831, CVE-2026-20810, CVE-2026-20860, CVE-2026-20838, CVE-2026-20818, CVE-2026-20839, CVE-2026-20875, CVE-2026-20854, CVE-2026-20847, CVE-2026-20834, CVE-2026-20962, CVE-2023-31096, CVE-2026-20925, CVE-2026-20872, CVE-2026-20826, CVE-2026-20827, CVE-2026-20938, CVE-2026-20876, CVE-2026-20935, CVE-2026-20819, CVE-2026-20821, CVE-2026-21224, CVE-2026-20828 |
| Windows II | CVE-2026-21219, CVE-2026-20805, CVE-2026-20871, CVE-2026-20965, CVE-2026-20843, CVE-2026-20868, CVE-2026-20941, CVE-2026-20858, CVE-2026-20918, CVE-2026-20923, CVE-2026-20924, CVE-2026-20873, CVE-2026-20861, CVE-2026-20866, CVE-2026-20867, CVE-2026-20865, CVE-2026-20874, CVE-2026-20877, CVE-2026-20862, CVE-2026-20929, CVE-2026-20832, CVE-2026-20809, CVE-2026-20859, CVE-2024-55414, CVE-2026-20842, CVE-2026-20853, CVE-2026-21221, CVE-2026-20830, CVE-2026-20815, CVE-2026-20851, CVE-2026-20835, CVE-2026-20844, CVE-2026-20824, CVE-2026-20922, CVE-2026-20840, CVE-2026-20936 |
| Windows SMB Server | CVE-2026-20927, CVE-2026-20919, CVE-2026-20934, CVE-2026-20921, CVE-2026-20926, CVE-2026-20848 |
| Windows LDAP - Lightweight Directory Access Protocol | CVE-2026-20812 |
| Windows Hyper-V | CVE-2026-20825 |
| Microsoft Office SharePoint | CVE-2026-20958, CVE-2026-20963, CVE-2026-20951, CVE-2026-20947, CVE-2026-20959 |
| Windows Server Update Service | CVE-2026-20856 |
| SQL Server | CVE-2026-20803 |
Cybersecurity for Your Industry
Your industry is unique. Your cybersecurity stack should be, too. Fortra® offers cybersecurity solutions to meet the challenges and compliance requirements of industries around the world.
