KB5073722 is the cumulative update for Windows Server 2016 and Windows Server 2016 Server Core installation. It was released on 13 January 2026 under the ‘Patch Tuesday’ release cycle.
Salient points
- KB5073722 supersedes the December 2025 cumulative update KB5071543.
- KB5073722 corresponds to build 14393.8783.
- KB5073722 also includes all changes that are part of the out-of-band security update KB5074974 released on 18 December 2025.
- 50 security vulnerabilities were disclosed by Microsoft for Windows Server 2016 in the January 2026 security bulletin.
- 3 zero-day vulnerabilities have been reported for Windows Server 2016 in January 2026. These need to be resolved on a priority basis by installing the latest cumulative security update.
- One CRITICAL vulnerability has been reported for Windows Server 2016 in January 2026.
- The Servicing Stack Update corresponding to KB5073722 is KB5073447. For automated deployments of security updates (Windows Update and Windows Update for Business), the installation is included in the main cumulative update installation process. For manual patching, you will need to download and install the SSU KB5073447 before installing KB5073722.
Important Reminders
- Support for cumulative updates for Windows Server 2016 will end on 12 January 2027.
- Secure Boot certificates for Windows Server 2016 will expire in June 2026. Both the UEFI Secure Boot DB and KEK need to be updated with the corresponding new 2023 certificate versions.
Servicing Stack Update KB5073447
KB5073447 is the Servicing Stack Update (SSU) for Windows Server 2016. For automated deployments of KB5073722, KB5073447 is automatically offered for installation as part of the installation of the main cumulative update.
For manual installations of KB5073722, you would need to download and install KB5073447 before installing KB5073722.
You can download the SSU KB5073447 from the Microsoft Update Catalog page:
Installing the Servicing Stack Update would not cause the server to reboot or restart. So, you could directly proceed with the installation of the main cumulative update for Windows Server 2016.
Zero-day Security vulnerabilities
Three zero-day vulnerabilities have been reported for Windows Server 2016 or Windows Server 2016 Server Core installation in January 2026.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2023-31096 | 7.8 | Elevation of Privilege Vulnerability in Windows Agere Soft Modem Driver |
| CVE-2026-21265 | 6.4 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability |
| CVE-2026-20805 | 5.5 | Desktop Window Manager Information Disclosure Vulnerability |
Critical vulnerabilities
The January security bulletin for Windows Server 2016 reports 50 security vulnerabilities. One of these vulnerabilities has a CRITICAL security severity. Details of the vulnerability are shared below.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2026-20822 | 7.8 | Windows Graphics Component Elevation of Privilege Vulnerability |
Download KB5073722
You may download the offline installer file for KB5073722 from the catalog site link shared below:
Upon installation of KB5073722, the server would restart.
Changelog – KB5073722
The following changes or improvements are part of KB5073722 for Windows Server 2016:
- [Internal Windows OS] This update contains miscellaneous security improvements to internal Windows OS functionality. No specific issues are documented for this release.
- [Windows Deployment Services (WDS)] This update introduces a change in behavior in which WDS will stop supporting hands-free deployment functionality by default. Admins should review guidance and follow instructions provided in Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance.
- [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
- [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.
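The following PowerShell check is an added example, not part of the original article or of Microsoft's guidance. It reports whether a server has reached the build stated above, whether the SSU and cumulative update are listed as installed, and whether any of the removed modem driver files are still present. The function names are hypothetical, and it assumes the drivers sit in the default `System32\drivers` folder and that the SSU is listed by `Get-HotFix`.

```powershell
# Added example: audit a Windows Server 2016 host against the values on this page.
$ExpectedBuild  = [version]'14393.8783'   # build this page gives for KB5073722
$SsuId          = 'KB5073447'             # Servicing Stack Update named on this page
$LcuId          = 'KB5073722'             # cumulative update named on this page
$RemovedDrivers = 'agrsm64.sys', 'agrsm.sys', 'smserl64.sys', 'smserial.sys'

function Get-OsBuild {
    # CurrentBuild plus UBR (update build revision) gives the full build, e.g. 14393.8783.
    # The value only changes after the post-install restart has completed.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}

function Test-HotFixPresent([string]$Id) {
    # Get-HotFix raises an error for an unknown id; treat that as "not listed".
    [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Get-LegacyModemDriver {
    # Assumption: the drivers live in the default driver folder.
    $dir = Join-Path $env:SystemRoot 'System32\drivers'
    foreach ($name in $RemovedDrivers) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { Get-Item -LiteralPath $path }
    }
}

$build = Get-OsBuild
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    Build              = $build.ToString()
    # A later cumulative update replaces KB5073722 in the hotfix list,
    # so the build comparison is the more durable check.
    AtOrAboveExpected  = $build -ge $ExpectedBuild
    SsuListed          = Test-HotFixPresent $SsuId
    LcuListed          = Test-HotFixPresent $LcuId
    LegacyModemDrivers = @(Get-LegacyModemDriver | ForEach-Object Name) -join ', '
} | Format-List
```

Run before patching, a non-empty `LegacyModemDrivers` value flags hosts that may have modem hardware depending on the drivers this update removes.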