Black Arrow Cyber Advisory - 14 January 2026 - Security Updates - Microsoft, SAP, Adobe

Written By Black Arrow Admin

Executive Summary

January’s security releases are dominated by Microsoft’s Patch Tuesday, which addresses over a hundred CVEs and includes an actively exploited zero-day, alongside SAP fixes containing multiple critical issues and Adobe updates across key Creative Cloud applications plus ColdFusion. The highest risks this month centre on remote code execution, elevation of privilege, and injection flaws affecting business-critical and user-facing systems. Prioritise patching for internet-facing services, identity and access components, and widely deployed endpoint and productivity tooling.

Vulnerabilities by Vendor

  • Microsoft[1]: 112 vulnerabilities, affecting Windows, Microsoft 365 and Office, browser components, developer tools, and enterprise services. Prioritise updates addressing actively exploited vulnerabilities and critical remote code execution or privilege escalation paths, especially on internet facing and end user endpoints.

  • SAP[2]: 19 vulnerabilities affecting SAP S/4HANA (private cloud and on premise), SAP HANA, SAP NetWeaver (including AS ABAP and Enterprise Portal), RFCSDK, Identity Management, and supporting components. Prioritise critical and high severity fixes first, particularly where systems are exposed to users, integrations, or administrative workflows.

  • Adobe[3]: 25 vulnerabilities affecting Creative Cloud applications (including Dreamweaver, InDesign, Illustrator, InCopy, Bridge, and Substance 3D tools) plus ColdFusion. Prioritise updates that address arbitrary code execution, and treat ColdFusion as urgent where it is deployed in production or accessible to untrusted inputs.

What’s the risk to me or my business?

The presence of actively exploited zero-days and critical RCE/privilege escalation vulnerabilities across major enterprise platforms significantly elevates the risk of data breaches, lateral movement, malware deployment, and full system compromise.

What can I do?

Black Arrow recommends promptly applying the available security updates for all affected products. Prioritise patches for vulnerabilities that are actively exploited or rated as critical or high severity. Regularly review and update your organisation's security policies and ensure that all systems are running supported and up-to-date software versions.

Footnotes:
1 Microsoft — https://msrc.microsoft.com/update-guide/releaseNote/2026-Jan
2 SAP — https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2026.html
3 Adobe — https://helpx.adobe.com/security.html

Black Arrow Admin
Next

Black Arrow Cyber: 5 Cyber Predictions for Business Leaders in 2026, and What You Need to Do