Hello and welcome to the Wednesday, January 14th, 2026 edition of the Sands Internet Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

And this episode is brought you by the Sands.edu graduate certificate program in cyber security leadership.

Well, of course, the topic today is Microsoft's patch Tuesday. We got our first patch Tuesday for

26 and it was sort of, well, I would sort of say a little bit average patch Tuesday, nothing really all that terribly exciting.

We got a total of 113 vulnerabilities addressed, which includes one vulnerability in Microsoft Edge,

which really is a chromium vulnerability ported over to Microsoft's edge browser.

Then there were eight critical vulnerabilities in this set,

and one vulnerability is already being exploited,

and the second one that has been disclosed.

Let's actually start with the disclosed vulnerability,

because that's a relatively straightforward one.

The problem here is that the certificates being used for secure boot need to be rotated as so often with cryptographic keys.

They expire after a while these certificates.

So that's really what this is about.

If that doesn't happen, then of course,

you end up with expired certificates, which then could be used by an attacker to essentially

bypass secure boot. But yes, this new update now basically just loads the latest certificates

into the operating system, which then should basically protect

secure boot again and prevent this expiration from happening.

The second issue, and that's the one that's already being exploited, is a little bit tricky.

It's a problem with the LPC port. It's sort of an RPC mechanism in

Windows and this particular vulnerability is really more information disclosure vulnerability

...