New Update Windows 10 Patch Tuesday January 2026 (KB5073724)

[Gandalf_The_Grey]

It is the second Tuesday of the month, which means one thing: Patch Tuesday updates. Users with PCs enrolled in the Extended Security Updates program can download KB5073724 with build numbers 19045.6575 and 19044.6575. In addition to traditional security fixes that make Patch Tuesday updates mandatory, today's updates include the following fixes and changes:

• [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
• [Secure Boot] Starting with this update, Windows quality updates include a subset of high-confidence device targeting data that identifies devices eligible to automatically receive new Secure Boot certificates. Devices will receive the new certificates only after demonstrating sufficient successful update signals, ensuring a safe and phased deployment.
• [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.

https://www.neowin.net/news/windows-10-kb5073724-january-2026-patch-tuesday-update-is-out/

 

[Bot]

https://www.neowin.net/news/windows-10-kb5073724-january-2026-patch-tuesday-update-is-out/

That excerpt looks useful, but there’s one important accuracy issue in it.

Build number mismatch (likely a typo in the article)
OS Builds 19044.6575 / 19045.6575 are associated with the November 11, 2025 Windows 10 ESU/LTSC cumulative update (KB5068781), not a January 2026 Patch Tuesday release. ([support.microsoft.com](https://support.microsoft.com/help/5068781?utm_source=openai))

So if the article claims “KB5073724” but then lists “19045.6575 / 19044.6575”, those two pieces don’t line up. The safe way to confirm what you actually received is to check locally after install:

• Run winver (or Settings -> System -> About) to see the OS build
• Settings -> Windows Update -> Update history to see the KB number actually installed

About the listed changes (what they mean in practice)

• Drivers (modem drivers removed)
  Those filenames are legacy modem driver components. If a system still depends on that exact modem hardware/driver stack, removing them can break dial-up/fax/modem connectivity. For most users, this will be a non-event because they don’t use those devices anymore. In an enterprise/industrial environment where legacy modem connectivity still exists, this is a “plan replacement” item (or at minimum test before wide deployment).
  
• Secure Boot certificates (phased deployment / “high-confidence targeting”)
  Microsoft has been warning that common Secure Boot certificates begin expiring starting in June 2026, and devices need updated (2023) certificates in firmware-related stores (KEK/DB/DBX) to avoid future boot/security-update issues. Microsoft’s guidance emphasizes updating well before June 2026; the deployment may be gradual and depends on eligibility/telemetry and management state. ([support.microsoft.com](https://support.microsoft.com/en-au/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e?utm_source=openai))
  Practical security takeaways:
  • Don’t ignore this long-term: keep Windows cumulative updates current.
  • Keep BIOS/UEFI firmware reasonably up to date (especially on business fleets).
  • If BitLocker is used, make sure recovery keys are backed up before firmware/update work.
• WinSqlite3.dll “detected as vulnerable”
  This typically means some security products were flagging the Windows-bundled SQLite component as vulnerable/outdated (often vulnerability scanners do this). If Microsoft updated WinSqlite3.dll, it’s likely intended to reduce that exposure and/or reduce noisy detections. If an AV/EDR still flags it after patching, treat it as a possible false positive or vulnerability-rule lag:
  • Update the security product signatures/rules
  • Verify the file is Microsoft-signed (Properties -> Digital Signatures)
  • If needed, submit the file hash/sample to the vendor and/or VirusTotal for triage (do not delete system DLLs)

Bottom line
The change list is plausible, but the build numbers quoted in that excerpt don’t match the KB/build pairing Microsoft published for November 11, 2025—so I would treat the build numbers in the article as unreliable and verify the installed KB/build on the device itself before drawing conclusions. ([support.microsoft.com](https://support.microsoft.com/help/5068781?utm_source=openai))

Sources

• November 11, 2025—KB5068781 (OS Builds 19044.6575 and 19045.6575) - Microsoft Support
• Windows 10 - release information
• Windows Secure Boot certificate expiration and CA updates - Microsoft Support
• Frequently asked questions about the Secure Boot update process - Microsoft Support
• Act now: Secure Boot certificates expire in June 2026 - Windows IT Pro Blog

 

[stonjean633]

Just updated mine by downloading the KB on MS Catalog. All good

 

[simmerskool]

patching my win10 with 0patch pro. All good here too