Article

Alert: Microsoft Security Updates - January 2026

Microsoft has released security updates addressing 114 vulnerabilities in its products. This includes one actively exploited zero-day (CVE-2023-31096), two publicly disclosed zero-days (CVE-2026-20805 and CVE-2026-21265), and eight critical flaws, six of which allow remote code execution and two that allow privilege escalation.

These updates apply to, but are not limited to:

Windows OS: 11.
Windows Server: 2022, 2025.
MS SQL Server: 2017, 2019, 2022, 2025.
Microsoft Office: 2021, 2024.

Security Risks

The identified vulnerabilities could allow attackers to run malicious programs, gain unauthorized access, view sensitive information, and compromise the security and integrity of affected systems.

For the full list of security patches released by Microsoft, please refer to the Microsoft Security Update Guide and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded soon:

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2
Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.
Microsoft SQL Server 2005, 2008, 2012, 2014, and MS Office 2013, 2016 and 2019.

Additionally, scheduled for end-of-life in 2026; Upgrade recommended before end of support:

Microsoft SQL Server 2016: July 14, 2026
Microsoft Office 2021: October 13, 2026

For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

3. Before any updating task, ensure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

14 January 2026

More updates

09 January 2026

Security Alert: Cisco Identity Services Engine Vulnerability Risks Sensitive Data Exposure

Cisco has released security updates to address a critical vulnerability.

08 January 2026

Security Alert: D-Link DSL Gateway Routers Vulnerability Actively Exploited

A critical security vulnerability (CVE-2026-0625) affects outdated D-Link DSL gateway routers.

22 December 2025

Advisory: Critical WatchGuard Fireware OS Vulnerability (CVE‑2025‑14733)

WatchGuard has identified a critical security flaw in its Firebox firewalls

18 December 2025

Alert: Fortinet Security Updates – December 2025

Fortinet has released security updates addressing two critical authentication bypass vulnerabilities.

These updates apply to, but are not limited to:

Windows OS: 11.

Windows Server: 2022, 2025.

MS SQL Server: 2017, 2019, 2022, 2025.

Microsoft Office: 2021, 2024.

Security Risks

The identified vulnerabilities could allow attackers to run malicious programs, gain unauthorized access, view sensitive information, and compromise the security and integrity of affected systems.

For the full list of security patches released by Microsoft, please refer to the Microsoft Security Update Guide and apply the necessary updates.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and administrators:

1. Apply the latest security patches as soon as possible to prevent unauthorized control over unpatched systems.

2. Upgrade immediately to the latest supported version of installed Microsoft software to continue receiving technical support and security patches.

The following Microsoft software products reached their end-of-life and need to be upgraded soon:

Windows Server 2003, 2003 RE, 2008, 2008 RE, 2008 SP2, 2012, and 2012 R2

Exchange Server 2003, 2007, 2010, 2013, 2016, 2019, and Windows Vista, XP, 8, and 7, 10.

Microsoft SQL Server 2005, 2008, 2012, 2014, and MS Office 2013, 2016 and 2019.

Additionally, scheduled for end-of-life in 2026; Upgrade recommended before end of support:

Microsoft SQL Server 2016: July 14, 2026

Microsoft Office 2021: October 13, 2026

For more information, including other products reaching end-of-support in 2026, see Microsoft’s official documentation.

3. Before any updating task, ensure you have a current, tested backup of your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.

References

Microsoft January 2026 Security Release Notes

Microsoft Ending Support in 2026

Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaw

	info@ncsa.gov.rw
	9009 / 0781813310
	‎+250 791 445 224