Table of Contents
What Hidden Fixes and Known Issues Lurk in the Latest Windows Server Patch Tuesday Updates?
Microsoft released the January 2026 cumulative updates for Windows Server on January 13. These updates enforce significant changes alongside standard security patches. Administrators must note two global changes affecting all supported versions. First, Microsoft has removed legacy modem drivers (agrsm64.sys, agrsm.sys, smserl64.sys, smserial.sys). Hardware relying on these drivers will cease functioning immediately after you update. Second, Windows Deployment Services (WDS) now disables “hands-free” deployment by default to harden security. You must review your deployment workflows to prevent disruptions.
Windows Server 2025: Key Fixes for AVD and Hotpatching
The flagship operating system received cumulative update KB5073379 (OS Build 26100.32230). This update resolves a critical connectivity issue in Azure Virtual Desktop (AVD) environments where RemoteApp sessions failed following the December update (KB5072033).
Microsoft also repaired the Hotpatching mechanism. Devices that previously installed the out-of-band update KB5070881 stopped receiving subsequent Hotpatch updates. Installing this January baseline restores the correct update flow. Additionally, the update refines Secure Boot by implementing high-confidence device targeting. This ensures only eligible devices receive new Secure Boot certificates, preventing boot failures during phased deployments.
Windows Server 2022 and 23H2: Stability for Core Apps
Updates KB5073450 (for version 23H2) and KB5073457 (for Server 2022) focus on application stability. A severe bug causing applications like Outlook, Teams, Edge, Chrome, and Excel to crash during text entry has been fixed. This resolution is vital for terminal server environments where user experience was degraded by these unexpected closures.
Both updates inherit the global removal of the legacy modem drivers mentioned above. Administrators managing older hardware peripherals should audit their driver dependencies before deployment.
Legacy Versions (2019, 2016, 2012)
Older infrastructure continues to receive security support through their respective cumulative updates:
- Windows Server 2019: Update KB5073723 applies the WDS hardening and driver removals.
- Windows Server 2016: Update KB5073722 mirrors these changes.
- Windows Server 2012 / R2: Devices with Extended Security Update (ESU) licenses received KB5073696 (R2) and KB5073698 (2012). These updates are strictly for security and compliance; no new features are included.
Expert Technical Insight: WSUS and WinSqlite3
Beyond the standard patch notes, technical teams should be aware of a nuance regarding WinSqlite3.dll. Microsoft updated this core component to resolve false positive vulnerabilities detected by security software. It is important to distinguish this Windows component from the standard sqlite3.dll found in third-party applications. If your scanners still flag sqlite3.dll, you must update the specific application using it, as this OS patch does not touch application-local libraries.
Finally, a known issue affects Windows Server Update Services (WSUS) after these updates. WSUS may fail to display synchronization error details. This functionality was temporarily disabled to mitigate a Remote Code Execution vulnerability (CVE-2025-59287), so blind troubleshooting of sync errors may be necessary in the short term.