Flexis January 2026 Patch Recommendation
Patches Microsoft released in January 2026
- KB5073457: 2026-01 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems
- KB5073723: 2026-01 Cumulative Update for Windows Server 2019 for x64-based Systems
- KB5073447: 2026-01 Servicing Stack Update for Windows Server 2016 for x64-based Systems
- KB5073722: 2026-01 Cumulative Update for Windows Server 2016 for x64-based Systems
Impacted Products:
Microsoft Windows
Microsoft Edge (HTML-based)
Microsoft Edge (Chromium-based)
Internet Explorer
Microsoft Office and Microsoft Office Services and Web Apps
Windows Defender
Visual Studio
ASP.NET Core
Chakra Core
Microsoft Dynamics
.NET Framework
.NET Core
Please note the following information regarding the security updates:
As documented on the Windows 10 Enterprise and Education and Windows 10 Home and Pro lifecycle pages, support for Windows 10 ended on October 14, 2025. The current version, 22H2, is the final version of Windows 10. The following editions remained in support with monthly security update releases through that date:
Home
Pro
Pro Education
Pro for Workstations
Education
Enterprise
Enterprise multi-session
KB5073457: Windows Server 2022
Improvements
This security update contains fixes and quality improvements from KB5071547 (released December 9, 2025). The following summary outlines the key issues addressed by this update, along with any new features it makes available. The bold text within the brackets indicates the item or area of the change.
- [Compatibility] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
- [Remote Desktop] Fixed: This update addresses an issue that causes SearchIndexer (the Windows service that indexes files for search) to stop responding on Citrix hosts, which might prevent users from starting remote sessions.
- [Windows Deployment Services (WDS)] This update introduces a change in behavior in which WDS will stop supporting hands-free deployment functionality by default. Detailed guidance for IT administrators is available in Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance.
- [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.
Note: WinSqlite3.dll is a separate component from sqlite3.dll, which is found in application-specific directories and is not a Windows component. If security applications continue to detect sqlite3.dll as vulnerable, contact the developer of the app using sqlite3.dll for an update. If sqlite3.dll is being used by a Microsoft app, install the latest version of the app from the Microsoft Store.
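A pre-patch inventory for the [Compatibility] driver removal listed above, as an added example that is not part of the original advisory or Microsoft's guidance. The four driver file names come from the release note; the function name, the output columns and the reading of a running driver as a sign of dependent modem hardware are assumptions of this example.

```powershell
# Added example: find hosts that still use the modem drivers this update removes.
# Driver file names are taken from the release note; all other names are illustrative.
$RemovedDrivers = 'agrsm64.sys', 'agrsm.sys', 'smserl64.sys', 'smserial.sys'

function Get-RemovedModemDriverUsage {
    [CmdletBinding()]
    param(
        [string[]]$DriverFile = $RemovedDrivers,
        [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers')
    )

    # Index the kernel driver services registered on this host by binary file name.
    # PathName can look like C:\Windows\System32\drivers\x.sys or \SystemRoot\...\x.sys.
    $services = @{}
    Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
        if ($_.PathName) {
            $leaf = ($_.PathName -split '[\\/]')[-1].Trim('"').ToLowerInvariant()
            $services[$leaf] = $_
        }
    }

    foreach ($file in $DriverFile) {
        $svc = $services[$file.ToLowerInvariant()]
        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            DriverFile   = $file
            OnDisk       = Test-Path -LiteralPath (Join-Path $DriverDir $file)
            ServiceName  = if ($svc) { $svc.Name } else { $null }
            State        = if ($svc) { $svc.State } else { $null }      # Running / Stopped
            StartMode    = if ($svc) { $svc.StartMode } else { $null }  # Boot / System / Auto / Manual / Disabled
        }
    }
}

# A row with State 'Running' means the driver is loaded, so that host likely has
# modem hardware that stops working once the update is installed (assumption).
Get-RemovedModemDriverUsage | Format-Table -AutoSize
```

Run it before approving the update for a device group; rows with OnDisk true but no running service usually indicate a leftover driver package rather than hardware in use.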
Known issues in this update
After installing KB5070884 or later updates, Windows Server Update Services (WSUS) does not display synchronization error details within its error reporting. This functionality is temporarily removed to address the Remote Code Execution Vulnerability, CVE-2025-59287.
Symptoms
After installing the January 2026 security update (KB5073457), released on January 13, 2026, credential prompt failures occurred during Remote Desktop connections using the Windows App on Windows client devices, impacting Azure Virtual Desktop and Windows 365. The issue affects Windows App on specific Windows builds, causing sign-in failures.
Workaround
This issue is addressed in KB5077800.
KB5073723: Windows Server 2019, Win 10 Ent LTSC 2019
Windows Secure Boot certificate expiration
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.
Summary
Windows 10, Version 1809
Applies to: Windows 10 Enterprise LTSC 2021
Applies to: Win 10 Ent LTSC 2019
This security update includes fixes and quality improvements that are part of the following update:
The following is a summary of the issues that this update addresses when you install this update. The bold text within the brackets indicates the item or area of the change we are documenting.
- [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
- [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.
Note: WinSqlite3.dll is a separate component from sqlite3.dll, which is found in application-specific directories and is not a Windows component. If security applications continue to detect sqlite3.dll as vulnerable, contact the developer of the app using sqlite3.dll for an update. If sqlite3.dll is being used by a Microsoft app, install the latest version of the app from the Microsoft Store.
Windows Server 2019
Applies to: Windows Server 2019 (All editions)
Applies to: Windows Server 2019
This security update includes fixes and quality improvements that are part of the following update:
The following is a summary of the issues that this update addresses when you install this update. The bold text within the brackets indicates the item or area of the change we are documenting.
- [Windows Deployment Services (WDS)] This update introduces a change in behavior in which WDS will stop supporting hands-free deployment functionality by default. Admins should review guidance and follow instructions provided in Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance.
- [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
- [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.
Note: WinSqlite3.dll is a separate component from sqlite3.dll, which is found in application-specific directories and is not a Windows component. If security applications continue to detect sqlite3.dll as vulnerable, contact the developer of the app using sqlite3.dll for an update. If sqlite3.dll is being used by a Microsoft app, install the latest version of the app from the Microsoft Store.
Known issues in this update
Symptoms
After installing this security update, credential prompt failures occurred during Remote Desktop connections using the Windows App on Windows client devices, impacting Azure Virtual Desktop and Windows 365. The issue affects Windows App on specific Windows builds, causing sign-in failures.
Resolution
This issue is resolved in Windows updates released on and after January 17, 2026 (such as KB5077795). We recommend you install the latest Windows update for your device as it contains important improvements and issue resolutions, including this one.
KB5073447: Windows Server 2016, all editions; Win 10 Ent LTSB 2016
Support for Windows Server 2016 will end in January 2027
After January 12, 2027, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows Server 2016. We recommend that you upgrade to a later version of Windows Server.
Windows Secure Boot certificate expiration
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.
Summary
This servicing stack update (SSU) makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates make sure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.
Important: Not installing the latest SSU before applying Windows updates might result in the Windows update not being offered until the latest SSU is installed.
KB5073722: Windows Server 2016, all editions; Win 10 Ent LTSB 2016
Windows Secure Boot certificate expiration
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.
Windows Server 2016
Applies to: Windows Server 2016
This security update includes fixes and improvements that are a part of the following update:
The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
- [Windows Deployment Services (WDS)] This update introduces a change in behavior in which WDS will stop supporting hands-free deployment functionality by default. Admins should review guidance and follow instructions provided in Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance.
- [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
- [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.
Note: WinSqlite3.dll is a separate component from sqlite3.dll, which is found in application-specific directories and is not a Windows component. If security applications continue to detect sqlite3.dll as vulnerable, contact the developer of the app using sqlite3.dll for an update. If sqlite3.dll is being used by a Microsoft app, install the latest version of the app from the Microsoft Store.
Windows 10, version 1607
Applies to: Win 10 Ent LTSB 2016
This security update includes fixes and improvements that are a part of the following update:
The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
- [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
- [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.
Note: WinSqlite3.dll is a separate component from sqlite3.dll, which is found in application-specific directories and is not a Windows component. If security applications continue to detect sqlite3.dll as vulnerable, contact the developer of the app using sqlite3.dll for an update. If sqlite3.dll is being used by a Microsoft app, install the latest version of the app from the Microsoft Store.
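To triage scanner findings along the line the WinSqlite3.dll note draws, the following added example (not part of the original advisory or Microsoft's guidance) lists the Windows component next to application-bundled sqlite3.dll copies, with version and signer. The function name, the search roots and the ownership labels are assumptions of this example.

```powershell
# Added example: separate the Windows component (WinSqlite3.dll) from app-bundled
# sqlite3.dll copies so each finding is routed to the right owner.
function Get-SqliteLibraryInventory {
    [CmdletBinding()]
    param(
        # Search roots for application copies (assumed defaults; extend as needed).
        [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData)
    )

    $found = @()

    # The Windows component lives in the system directories and is serviced by the OS update.
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path $env:SystemRoot $dir
        $found += Get-ChildItem -LiteralPath $path -Filter 'winsqlite3.dll' -File -ErrorAction SilentlyContinue
    }

    # Application copies are named sqlite3.dll and sit in application-specific directories.
    foreach ($r in ($Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        $found += Get-ChildItem -LiteralPath $r -Filter 'sqlite3.dll' -File -Recurse -ErrorAction SilentlyContinue
    }

    foreach ($f in $found) {
        $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
        [pscustomobject]@{
            Path        = $f.FullName
            Owner       = if ($f.Name -ieq 'winsqlite3.dll') { 'Windows (OS update)' } else { 'Application vendor' }
            FileVersion = $f.VersionInfo.FileVersion
            Product     = $f.VersionInfo.ProductName
            Company     = $f.VersionInfo.CompanyName
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
        }
    }
}

Get-SqliteLibraryInventory | Sort-Object Owner, Path | Format-Table -AutoSize -Wrap
```

Rows labelled 'Application vendor' are the ones the note says to raise with the app's developer, or to fix by updating the app from the Microsoft Store when Product or Signer points to a Microsoft app.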