Why is my security scanner still flagging WinSqlite3.dll in System32?

Did the January 2026 Windows update finally patch the CVE-2025-6965 vulnerability?

Security Advisory: Windows SQLite Vulnerability Resolution

The January 13, 2026, Windows cumulative security updates have resolved the persistent vulnerability affecting WinSqlite3.dll. If your security software previously flagged this file within the System32 directory, the latest patch addresses the root cause. This update eliminates the need for manual workarounds or risk acceptance regarding this specific component.

The Vulnerability Timeline

The issue originated from an outdated version of the SQLite library embedded within the Windows operating system. SQLite is an open-source relational database engine widely used by developers.

In May 2025, security researchers identified CVE-2025-6965, a vulnerability affecting SQLite versions prior to 3.50.2. While the open-source community patched this promptly, the version integrated into Windows remained stagnant. By September 2025, security organizations like OpenWall publicized the risk, prompting scanners such as Tenable to flag the C:\Windows\System32\winsqlite3.dll file as dangerous.

Microsoft’s Response and Resolution

Between October 2025 and early January 2026, users reported this discrepancy on Microsoft Learn. The core concern was that Microsoft utilized open-source components but failed to maintain them, leaving systems exposed despite active Windows Updates.

Microsoft acknowledged this as a “Known Issue” in late 2025. The solution arrived with the January 2026 Patch Tuesday cycle. Documentation for updates such as KB5074109 (Windows 11 24H2-25H2) confirms the replacement of the vulnerable DLL.

Action Required: Ensure your system has installed the January 13, 2026, cumulative update. Once installed, re-run your endpoint security scans; the alert for the System32 file should disappear.

Critical Distinction: WinSqlite3.dll vs. sqlite3.dll

It is vital to distinguish between two similarly named files, because each one is patched by a different party.

  • WinSqlite3.dll: This is a core Windows component located in System32. Microsoft manages this file. Status: Fixed via Windows Update.
  • sqlite3.dll: This file typically belongs to third-party applications and resides in application-specific folders. Microsoft does not manage this file. Status: Dependent on App Developers.

If your security scanner continues to report a vulnerability in sqlite3.dll after the Windows update, the issue lies with a specific program installed on your machine, not the operating system. You must contact the vendor of that specific application for a patch or update the application via the Microsoft Store.
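To apply that distinction across a machine, the following PowerShell sketch lists every copy of either DLL and labels who is responsible for patching it. It is an added example, not a Microsoft or scanner-vendor script; the search roots are assumptions, and it assumes each DLL's version resource carries the SQLite version, which not every build stamps.

```powershell
# Added example: inventory SQLite DLLs and map each finding to the party that patches it.
# Assumptions: the search roots below, and that the file version resource holds the SQLite version.
param(
    [string[]]$Roots = @(
        "$env:windir\System32",
        $env:ProgramFiles,
        ${env:ProgramFiles(x86)},
        $env:LOCALAPPDATA
    )
)

# CVE-2025-6965 affects SQLite versions prior to 3.50.2 (per the advisory above).
$fixed = [version]'3.50.2'

$findings = foreach ($root in $Roots | Where-Object { $_ -and (Test-Path $_) }) {
    Get-ChildItem -Path $root -Include 'winsqlite3.dll', 'sqlite3.dll' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo

            # Build a comparable version only when a version resource exists.
            $ver = if ($vi.FileVersion) {
                [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
            } else { $null }

            $status = if (-not $ver)           { 'Unknown (no version resource)' }
                      elseif ($ver -lt $fixed) { 'Older than 3.50.2' }
                      else                     { 'At or above 3.50.2' }

            # WinSqlite3.dll is the Windows component; sqlite3.dll ships with applications.
            $owner = if ($_.Name -ieq 'winsqlite3.dll') { 'Microsoft (Windows Update)' }
                     else                               { 'Application vendor' }

            [pscustomobject]@{
                Path    = $_.FullName
                Version = $ver
                Status  = $status
                Owner   = $owner
            }
        }
}

$findings | Sort-Object Owner, Path | Format-Table -AutoSize -Wrap
```

Rows marked "Unknown" need a manual check against the owning application's release notes, since the script cannot infer the embedded SQLite version without a version resource.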