January 13, 2026—KB5073722 (OS Build 14393.8783) (original) (raw)
Applies To
Windows Server 2016, all editions Win 10 Ent LTSB 2016
Version:
OS Build 14393.8783
Windows Secure Boot certificate expiration
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the past months. Devices that haven’t received the newer certificates will continue to start and operate normally, and standard Windows updates will continue to install. We will continue to install the newer certificates via Windows updates in the coming months.
You can check your PC status on the Windows Security app. If you are an IT administrator, follow the guidance on the Secure Boot Playbook for Windows clients and Windows Server.
| Change date | Change description |
|---|---|
| February 12, 2026 | Added an improvement for [Credentials autofill]. |
| January 17, 2026 | Removed the known issue "Connection and authentication failures in Azure Virtual Desktop and Windows 365" as it was determined that the issue did not affect Windows Server 2016 or Windows 10 Enterprise LTSB 2016. |
Summary
Applies to: Windows Server 2016
This security update includes fixes and improvements that are a part of the following update:
- December 9, 2025—KB5071543 (OS Build 14393.8688)
- December 18, 2025—KB5074974 (OS Build 14393.8692) Out-of-band
The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
- [Credentials autofill] This update introduces a security hardening behavior restricting certain applications to autofill credentials during remote support sessions or automated authentication workflows. With this change, credential dialogs do not respond to virtual keyboard input from remote desktop or screen sharing tools or apps. For more information, see New behavior restricting certain applications to autofill credentials introduced by the Windows January 2026 security update.
- [Windows Deployment Services (WDS)] This update introduces a change in behavior in which WDS will stop supporting hands-free deployment functionality by default. Admins should review guidance and follow instructions provided in Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance.
- [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
- [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.
Note: WinSqlite3.dll is a separate component from sqlite3.dll, which is found in application-specific directories and is not a Windows component. If security applications continue to detect sqlite3.dll as vulnerable, contact the developer of the app using sqlite3.dll for an update. If sqlite3.dll is being used by a Microsoft app, install the latest version of the app from the Microsoft Store.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the January 2026 Security Updates.
For more information about Windows 10, version 1607, see its update history page.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types.
Known issues in this update
We are currently not aware of any issues with this update.
How to get this update
Before you install this update
To install updates released on or after January 14, 2025, we recommend you first install the latest Servicing Stack Update (SSU). If your device or offline image does not have the latest SSU installed, you might not be able to install this update.
Caution Until you install the SSU, this update might not be offered to your device. To reduce your security risk, install the SSU as soon as possible.
- If you use Windows Update, the latest SSU (KB5073447) will be offered to you automatically. If the latest SSU is not installed, you might not be able to install this update.
- If you use Windows Update for Business, the latest SSU (KB5073447) will be offered to you automatically. If the latest SSU is not installed, you might not be able to install this update.
- If you use the Update Catalog, we recommend you download and install the latest SSU (KB5073447). If the latest SSU is not installed, you might not be able to install this update.
- If you are a Windows Server Update Services (WSUS) administrator, you must approve SSU KB5073447 and this update KB5073722.
For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Install this update
To install this update, use one of the following Windows and Microsoft release channels.
| Available | Next Step |
|---|---|
 |
This update will be downloaded and installed automatically from Windows Update and Microsoft Update. |
File information
A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.