CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Microsoft Releases Windows 10 KB5073724 Extended Security Update

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft has released the KB5073724 extended security update for Windows 10, addressing three zero-day vulnerabilities and expiring Secure Boot certificates. The update is available for Windows 10 Enterprise LTSC and systems enrolled in the Extended Security Update (ESU) program. It removes specific modem drivers, updates the WinSqlite3.dll component, and phases in new Secure Boot certificates to prevent potential security breaches. The update brings Windows 10 to build 19045.6809 and Windows 10 Enterprise LTSC 2021 to build 19044.6809.

Timeline

  1. 13.01.2026 20:56 1 articles · 23h ago

    Microsoft Releases Windows 10 KB5073724 Extended Security Update

    Microsoft has released the KB5073724 extended security update for Windows 10, addressing three zero-day vulnerabilities and expiring Secure Boot certificates. The update removes specific modem drivers, updates the WinSqlite3.dll component, and phases in new Secure Boot certificates to prevent potential security breaches. The update brings Windows 10 to build 19045.6809 and Windows 10 Enterprise LTSC 2021 to build 19044.6809.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Microsoft January 2026 Patch Tuesday Addresses 3 Zero-Days, 114 Flaws

Microsoft's January 2026 Patch Tuesday addresses 114 vulnerabilities, including three zero-days: one actively exploited (CVE-2026-20805) and two publicly disclosed (CVE-2026-21265 and CVE-2023-31096). The updates cover a range of flaw types, with eight classified as 'Critical,' including remote code execution and elevation-of-privilege vulnerabilities. CVE-2026-20805 is an information disclosure vulnerability in the Desktop Window Manager that leaks sensitive memory details, allowing attackers to weaken system protections. CVE-2026-21265 affects nearly every Windows bootloader since Windows 8, with certificates set to expire in June and October 2026. CVE-2023-31096 is an elevation of privilege (EoP) in the Agere Modem driver, and Microsoft has removed agrsm64.sys and agrsm.sys from Windows. Microsoft has started automatically replacing expiring Secure Boot certificates on eligible Windows 11 24H2 and 25H2 systems to prevent potential security issues. Additionally, two critical Microsoft Office remote code execution bugs (CVE-2026-20952 and CVE-2026-20953) were patched, which can be triggered by viewing a booby-trapped message in the Preview Pane. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20805 to its Known Exploited Vulnerabilities (KEV) catalog, mandating Federal Civilian Executive Branch (FCEB) agencies to apply the latest fixes by February 3, 2026. CVE-2026-20876 is a critical-rated privilege escalation flaw in Windows Virtualization-Based Security (VBS) Enclave, enabling an attacker to obtain Virtual Trust Level 2 (VTL2) privileges.

Open in new tab