Microsoft has released the KB5073724 extended security update to fix the Patch Tuesday security updates, including 3 zero-days and a fix for expiring Secure Boot certificates.

If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.'

After installing this update, Windows 10 will be updated to build 19045.6809, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6809.

What's new in Windows 10 KB5073724

Microsoft is no longer releasing new features for Windows 10, and the KB5073724 update contains only security fixes and bug fixes introduced by previous security updates.

With today's January 2026 Patch Tuesday, Microsoft has fixed 114 vulnerabilities, including three zero day flaws.

KB5073724 fixes an actively exploited elevation of privileges vulnerability in the built-in Agere modem drivers, a security flaw in the third-party WinSqlite DLL, and updates to address the upcoming expiration of Secure Boot certificates.

• [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.
• [Secure Boot] Starting with this update, Windows quality updates include a subset of high confidence device targeting data that identifies devices eligible to automatically receive new Secure Boot certificates. Devices will receive the new certificates only after demonstrating sufficient successful update signals, ensuring a safe and phased deployment.
• [WinSqlite3.dll] Fixed: The Windows core component, WinSqlite3.dll, has been updated. Previously, some security software might have detected this component as vulnerable. 

Since June 2025, Microsoft has warned that multiple Windows Secure Boot certificates issued in 2011 are expiring in 2026, and systems that do not update them risk breaking Secure Boot protections.

These certificates are used to validate Windows boot components, third-party bootloaders, and Secure Boot revocation updates.  If the certificates expire, then Secure Boot may break, allowing threat actors to bypass protections.

As part of today's update, Microsoft is now rolling out targeted updates to systems that update Secure Boot certificates. These updates will be rolled out to additional systems over time.

Microsoft states that there are no known issues with this update.