For January, Patch Tuesday starts off with a bang

AndyC 17 January 2026

After installing KB5074109, KB5073455, or KB5073724, users connecting to Azure Virtual Desktop or Windows 365 Cloud PCs via the Windows App could experience authentication errors and credential prompt failures. Microsoft is preparing an out-of-band fix.

[…Keep reading]

Apple Silicon: As demand grows, is TSMC driving a harder bargain?

Apple Silicon: As demand grows, is TSMC driving a harder bargain?

After installing KB5074109, KB5073455, or KB5073724, users connecting to Azure Virtual Desktop or Windows 365 Cloud PCs via the Windows App could experience authentication errors and credential prompt failures. Microsoft is preparing an out-of-band fix. In the meantime, enterprise teams should direct affected users to connect via the Remote Desktop client for Windows (MSRDC) or the Windows App Web Client.

A small number of users might notice that the password icon on the Windows login screen is not visible. This has been an ongoing issue since the August 2025 update. Microsoft published a Known Issue Rollback (KIR) to address Pro and Home users. Enterprise deployments should use an updated Group Policy to restore the icon.

This update intentionally removes legacy Agere and Motorola soft modem drivers (agrsm64.sys, agrsm.sys, smserl64.sys, smserial.sys) to address CVE-2023-31096, an elevation of privilege vulnerability. Notably, the mere presence of these drivers — even without a modem connected — rendered systems vulnerable. Hardware dependent on these drivers will no longer function after applying the January updates.

As we noted in December, the 2011 certificates currently used by most Windows devices will begin expiring in June, with a second batch expiring this coming October. Devices that do not receive the updated 2023 certificates could fail to boot securely or stop receiving future Secure Boot security fixes. 

Resolved issues

This is a new section to our monthly rundown. Depending on future Microsoft updates, this section may evolve or get integrated in platform specific sections. The January release resolves several issues that had been affecting enterprise environments:

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , ,

More Stories

Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes

Cyber Fraud, Not Ransomware, is Now Businesses’ Top Security Concern

AndyC 17 January 2026
AI Is Hard Work

AI Is Hard Work

AndyC 17 January 2026
Inside the Rise of the Always Watching, Always Learning Enterprise Defense System 

From Quantum Resilience to Identity Fatigue: Three Trends Shaping Print Security in 2026 

AndyC 17 January 2026
Detecting forged browser fingerprints for bot detection, lessons from LinkedIn

Detecting forged browser fingerprints for bot detection, lessons from LinkedIn

AndyC 17 January 2026
Microsoft’s January Security Update of High-Risk Vulnerability Notice for Multiple Products

Your Android App Needs Scanning – Best Android App Vulnerability Scanner in 2026

AndyC 16 January 2026
News alert: BreachLock unveils agentic AI pen testing that mimics attacker behavior on web apps

News alert: BreachLock unveils agentic AI pen testing that mimics attacker behavior on web apps

AndyC 16 January 2026

You may have missed

Data breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization impacts 750,000 people

Data breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization impacts 750,000 people

AndyC 17 January 2026
Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes

Cyber Fraud, Not Ransomware, is Now Businesses’ Top Security Concern

AndyC 17 January 2026
Apple Silicon: As demand grows, is TSMC driving a harder bargain?

For January, Patch Tuesday starts off with a bang

AndyC 17 January 2026
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

AndyC 17 January 2026
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts

AndyC 17 January 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.