Today is the monthly 'Windows Update' day, with patches for Windows 11 and Windows 10, and automatic updates for expired Secure Boot certificates.
The monthly Windows Update, which delivers security updates and bug fixes for Windows, has been released. The Windows Update released on January 14, 2026 (Japan time) includes five 'Critical' updates and three 'Important' updates.
January 2026 security updates (monthly)
https://www.microsoft.com/en-us/msrc/blog/2026/01/202601-security-update
The January 2026 Microsoft Monthly Security Updates have been released. Updates are automatically applied by default. For organizations that manage updates, we have published an overview on our blog. Please refer to this and deploy updates as soon as possible. https://t.co/6Z7VQmTCA8 #Security #Updates #Microsoftpic.twitter.com /pPnSkOuKmt
— Microsoft Security Team (@JSECTEAM) January 13, 2026
Windows 11 KB5074109 & KB5073455 cumulative updates released
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5074109-and-kb5073455-cumulative-updates-released/
Microsoft releases Windows 10 KB5073724 extended security update
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5073724-extended-security-update/
New Windows updates replace expiring Secure Boot certificates
https://www.bleepingcomputer.com/news/security/microsoft-rolls-out-new-secure-boot-certificates-for-windows-devices/
The Windows Updates for Windows 11 25H2 are 'KB5074109', for Windows 11 23H2 are 'KB5073455', and for Windows 10 are 'KB5073724'.
The list of security updates for January 2026 is as follows:
| Target products | maximum severity | The biggest impact | Related knowledge base articles or support web pages |
|---|---|---|---|
| Windows 11 v25H2, v24H2, v23H2 | emergency | Remote code execution possible | v25H2, v24H2: 5074109 v23H2: 5073455 |
| Windows Server 2025 (including Server Core installation) | emergency | Remote code execution possible | |
| Windows Server 2022, 23H2 (including Server Core installation) | emergency | Remote code execution possible | Windows Server 2022: 5073457 Windows Server 23H2: 5073450 |
| Windows Server 2019, 2016 (including Server Core installation) | emergency | Remote code execution possible | Windows Server 2019: 5073723 Windows Server 2016: 5073722 |
| Microsoft Office | emergency | Remote code execution possible | |
| Microsoft SharePoint | important | Remote code execution possible | https://learn.microsoft.com/officeupdates/sharepoint-updates |
| Microsoft SQL Server | important | Privilege Escalation | |
| Microsoft Azure | important | Remote code execution possible |
Of the vulnerabilities fixed in this month's security updates, the following vulnerabilities have been confirmed to have been exploited in the wild or details of the vulnerabilities were publicly disclosed prior to the release of the updates.
CVE-2023-31096
MITRE: CVE-2023-31096 Privilege Escalation Vulnerability in Windows Agere Softmodem Driver
CVE-2026-21265
Security feature bypass vulnerability due to expired Secure Boot certificate
CVE-2026-20805
Desktop Window Manager Information Disclosure Vulnerability
Microsoft began automatically replacing expiring Secure Boot certificates in Windows 11 24H2 and 25H2, which are eligible for Windows Update. Secure Boot is a security feature that blocks malicious software (such as rootkit malware) from running during the system startup sequence by ensuring that only trusted boot loaders are loaded on computers with UEFI firmware. This is achieved by verifying the digital signature of software against a set of trusted digital certificates stored in the device's firmware.
Microsoft explains, 'The Secure Boot certificate used on most Windows devices is scheduled to expire starting in June 2026. If not updated in time, this may affect the secure boot ability of certain personal and business devices.' 'Starting with this update, Windows quality updates will include a subset of trusted device targeting data that identifies devices that can automatically receive the new Secure Boot certificate. Devices will only receive the new certificate if they demonstrate sufficient update success signals, ensuring a safe and gradual rollout.'
IMPORTANT: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and…
— Windows Update (@WindowsUpdate) January 13, 2026
Microsoft explains that if Secure Boot certificates are not updated, 'without updating, Secure Boot-enabled Windows devices are at risk of not receiving security updates or being able to trust new boot loaders, compromising both maintainability and security.'
Windows Update is released on the second Tuesday of every month in the US, and the next update is scheduled to be available on Wednesday, February 11, 2026, Japan time.
Related Posts:
