January 2026 Patch Tuesday forecast: And so it continues

Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendor’s security patch activity (and reported issues) for the month, talk about some of the latest trends, processes, and evolution of patch management, and finally yes, provide a forecast of what security patches are expected to release next week on Patch Tuesday.

Microsoft reported several issues you should be aware of with respect to the December Patch Tuesday releases. To start, in their Known Issues report they announced that ‘Message Queuing (MSMQ) might fail with the December 2025 Windows security update’. This was due to some recent security changes related to MSMQ. Symptoms include MSMQ queues becoming inactive and IIS sites failing with “Insufficient resources to perform operation” errors. They have since released out-of band KB5074976 to address the issues which impacted Windows 10 21H2 and 22H2.

Microsoft offers KIR or registry fix for Windows 11 issue

The next known issue was actually reported in KB5072033 for Windows 11 24H2 and 25H2. Listed as ‘RemoteApp sessions might fail to start on Azure Virtual Desktop’, this has turned into a significant issue for customers with large numbers of Azure hosted systems. Microsoft provides two workaround options as the attempt to resolve this issue. The first workaround is to manually add a registry key to the system as explained in the KB and the second is to use the Known Issue Rollback (KIR) which can be deployed via group policy as also explained in the KB.

And the final issue is the failure of VPM network access to systems in the Windows Subsystem for Linux (WSL) environment. This effectively isolates critical company resources from use. This has been an ongoing issue and Microsoft has yet to provide a solution, but maybe this Patch Tuesday?

Apple patches two actively exploited WebKit zero-days

Apple provided security updates for many of their products on December 12. If you were holding off deployment with the holidays so near, you’ll want to include them in your patch routine this month because there were two zero-day vulnerabilities identified. Apple stated with regards to CVE-2025-14174 and CVE-2025-43529, both in Webkit, Apple’s open source Web browser engine, that “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

January 2026 Patch Tuesday forecast

• We didn’t have a set of preview patches in late December, so you never know what to expect for the season opener. The usual Windows 10 ESU, Windows 11, and Server updates are expected to be light on CVEs due to downtime over the holidays. Last month we saw an Exchange Server update, so perhaps a SQL server update and .NET framework will be released.
• Adobe provided a small security update for Acrobat and Reader last month with just 4 CVEs and little else. We should see a large subset of Adobe Creative Cloud Apps with updates next Tuesday but probably not Acrobat and Reader again.
• It should be quiet from Apple next week but make sure you have the December 12 updates already deployed or in queue to address those zero-day vulnerabilities.
• Google released Chrome beta 144.0.7559.59 for Windows, Mac and Linux yesterday, so expect that version on Patch Tuesday.
• Mozilla has been releasing their updates on Patch Tuesday of late, so expect the latest security fixes for Firefox, Firefox ESR, and Thunderbird to be released.

I hope everyone had a nice break and is ready to jump back into the chaos we call patch management. With the growing popularity of AI, we could see significant changes coming to our community this year. But regardless of what happens, the need for the patch process will continue.