KB5074109 is the cumulative update for Windows Server 2025 version 24H2. Microsoft released it on 13 January 2026 as part of its ‘Patch Tuesday’ program.
Salient points
- KB5074109 supersedes December 2025 cumulative update KB5072033 for Windows Server 2025.
- The KB5074109 security update corresponds to build 26100.7623.
- In January, Microsoft's latest security report lists a total of 83 security vulnerabilities that affect Windows Server 2025.
- 3 zero-day vulnerabilities affect Windows Server 2025.
- One CRITICAL security vulnerability affects Windows Server 2025, while the remaining are of IMPORTANT severity.
- The Servicing Stack Update corresponding to KB5074109 is KB5071142 (26100.7295). It is built into the main cumulative update, so separate installation of the SSU (Servicing Stack Update) is not needed.
- The AI components remain at the December version 1.2511.1224.0. The AI components updated include the image search, content extraction, and semantic analysis.
Zero-day vulnerabilities
Three zero-day vulnerabilities affect the Windows Server 2025 24H2 edition. Zero-day vulnerabilities are either publicly disclosed or have proven instances of exploitation. In this case, it has been found that the zero-day has been exploited by threat actors, so the security update should be installed immediately.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2023-31096 | 7.8 | Elevation of Privilege Vulnerability in Windows Agere Soft Modem Driver |
| CVE-2026-21265 | 6.4 | Secure Boot Certificate Expiration Security Feature Bypass Vulnerability |
| CVE-2026-20805 | 5.5 | Desktop Window Manager Information Disclosure Vulnerability |
Critical vulnerabilities
A single Critical vulnerability has been disclosed for Windows Server 2025 in the January 2026 security bulletin.
| CVE Details | CVSS Score | Comments |
|---|---|---|
| CVE-2026-20822 | 7.8 | Windows Graphics Component Elevation of Privilege Vulnerability |
AI Components
The following AI components for Windows Server 2025 continue to use the version 1.2511.1224.0:
- Image Search
- Content Extraction
- Semantic Analysis
- Settings Model
Download KB5074109
You may download the offline installer file for KB5074109 from the catalog site link shared below:
The update file is available for x64 and ARM64 deployments. The server restarts after KB5074109 is installed, so schedule the installation as a planned change.
Changelog – KB5074109
The following changes or improvements are part of KB5074109 for Windows Server 2025:
- This update addresses security issues detected and shared for Windows Server 2025 24H2 editions.
- [Compatibility] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
- [Networking (known issues)]
  - Fixed: This update addresses an issue where mirrored networking in Windows Subsystem for Linux (WSL) could fail causing “No route to host” errors and preventing access to corporate resources over VPN connections, even when the Windows host remained connected. This might occur after installing KB5067036.
  - Fixed: This update addresses an issue where you might experience RemoteApp connection failures in Azure Virtual Desktop environments. This might occur after installing KB5070311.
- [Power & Battery] Fixed: This update addresses an issue where devices with a Neural Processing Unit (NPU) might stay powered on when idle. This could affect power performance.
- [Secure Boot] Starting with this update, Windows quality updates include a subset of high confidence device targeting data that identifies devices eligible to automatically receive new Secure Boot certificates. Devices will receive the new certificates only after demonstrating sufficient successful update signals, ensuring a safe and phased deployment.
- [Windows Deployment Services (WDS)] This update introduces a change in behavior in which WDS will stop supporting hands-free deployment functionality by default. Detailed guidance for IT administrators is available in Windows Deployment Services (WDS) Hands‑Free Deployment Hardening Guidance.
- [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable.
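To check a server against the build number and the driver removal listed above, the following PowerShell sketch can be run before and after patching. It is an added example, not code from Microsoft or from this article; the function names are illustrative, and the build number and driver file names are the ones given on this page.

```powershell
# Added example (not from the article). Build number and driver names are the
# ones listed above; function names are illustrative.
$TargetBuild    = [version]'26100.7623'
$RemovedDrivers = 'agrsm64.sys', 'agrsm.sys', 'smserl64.sys', 'smserial.sys'

function Get-OsBuild {
    # CurrentBuild plus UBR (update build revision) gives the full build number
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [version]('{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}

function Test-PatchLevel {
    param([version]$Current, [version]$Required)
    # Cumulative updates supersede earlier ones, so "at or above" is the test
    $Current -ge $Required
}

function Get-RemovedModemDriver {
    param([string[]]$Names)
    # Driver services whose image file is one of the removed modem drivers
    $services = Get-CimInstance Win32_SystemDriver | Where-Object {
        $Names -contains ([string]$_.PathName -split '\\')[-1]
    }
    foreach ($s in $services) {
        [pscustomobject]@{ Source = 'Service'; Name = $s.Name; State = $s.State; Path = $s.PathName }
    }
    # Files still present in the driver directory, registered or not
    foreach ($n in $Names) {
        $p = Join-Path $env:SystemRoot "System32\drivers\$n"
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Source = 'File'; Name = $n; State = 'OnDisk'; Path = $p }
        }
    }
}

$build = Get-OsBuild
'Build {0}; at or above KB5074109 level: {1}' -f $build, (Test-PatchLevel $build $TargetBuild)

$found = @(Get-RemovedModemDriver -Names $RemovedDrivers)
if ($found.Count -gt 0) {
    'Modem drivers removed by KB5074109 found on this host:'
    $found | Format-Table -AutoSize
} else {
    'None of the removed modem drivers were found.'
}
```

A hit before patching identifies modem hardware that will stop working once the update is installed; a hit afterwards indicates the removal did not complete.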
Important Reminder for Secure Boot Services
It is important to note that the Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Secure Boot is a security feature in Unified Extensible Firmware Interface (UEFI) based firmware that helps ensure that only trusted software runs during a device’s boot (start) sequence.
Since Windows introduced Secure Boot support, all Windows-based devices have carried the same set of Microsoft certificates in the KEK and DB. These original certificates are nearing their expiration date, and your device is affected if it has any of the listed certificate versions. To continue running Windows and receiving regular updates for your Secure Boot configuration, you will need to update these certificates.
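One way to see whether a server's KEK and DB already carry the replacement certificates is to read the two UEFI variables and look for the new certificate names. This is an added example, not part of the original article; the certificate names in `$Expected` do not appear on this page and are taken as assumptions from Microsoft's published Secure Boot certificate guidance, and the function name is illustrative.

```powershell
# Added example (not from the article). Run from an elevated PowerShell session.
# Assumption: these replacement certificate names come from Microsoft's
# Secure Boot certificate guidance, not from this page.
$Expected = [ordered]@{
    KEK = 'Microsoft Corporation KEK 2K CA 2023'
    db  = 'Windows UEFI CA 2023'
}

function Test-SecureBootCert {
    param([string]$Variable, [string]$Subject)
    try {
        # Returns the raw contents of the UEFI variable (KEK or db)
        $var = Get-SecureBootUEFI -Name $Variable -ErrorAction Stop
    } catch {
        # Legacy BIOS, missing privileges, or unsupported platform
        return [pscustomobject]@{
            Variable = $Variable; Subject = $Subject
            Present  = $null;     Note    = $_.Exception.Message
        }
    }
    # Certificate subject names are stored as readable strings inside the
    # DER-encoded entries, so a text search over the bytes is sufficient
    $text = [System.Text.Encoding]::ASCII.GetString($var.Bytes)
    [pscustomobject]@{
        Variable = $Variable; Subject = $Subject
        Present  = ($text -match [regex]::Escape($Subject)); Note = ''
    }
}

try {
    'Secure Boot enabled: {0}' -f (Confirm-SecureBootUEFI -ErrorAction Stop)
} catch {
    'Secure Boot state unavailable: {0}' -f $_.Exception.Message
}

$Expected.GetEnumerator() |
    ForEach-Object { Test-SecureBootCert -Variable $_.Key -Subject $_.Value } |
    Format-Table -AutoSize
```

A `Present` value of `False` means the variable was read but the replacement certificate is not yet enrolled; an empty value means the variable could not be read at all, and the `Note` column gives the reason.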