Article Details

Microsoft releases Windows 10 KB5073724 extended security update. Microsoft has released the KB5073724 extended security update to fix the Patch Tuesday security updates, including 3 zero-days and a fix for expiring Secure Boot certificates. If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.' After installing this update, Windows 10 will be updated to build 19045.6809, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6809. What's new in Windows 10 KB5073724 Microsoft is no longer releasing new features for Windows 10, and the KB5073724 update contains only security fixes and bug fixes introduced by previous security updates. With today's January 2026 Patch Tuesday, Microsoft has fixed 114 vulnerabilities, including three zero day flaws. KB5073724 fixes an actively exploited elevation of privileges vulnerability in the built-in Agere modem drivers, a security flaw in the third-party WinSqlite DLL, and updates to address the upcoming expiration of Secure Boot certificates. Since June 2025, Microsoft has warned that multiple Windows Secure Boot certificates issued in 2011 are expiring in 2026, and systems that do not update them risk breaking Secure Boot protections. Expiring Certificate Expiration date New Certificate Storing location Purpose Microsoft Corporation KEK CA 2011 June 2026 Microsoft Corporation KEK 2K CA 2023 Stored in KEK Signs updates to DB and DBX. Microsoft Windows Production PCA 2011 Oct 2026 Windows UEFI CA 2023 Stored in DB Used for signing the   Windows boot loader. Microsoft UEFI CA 2011* June 2026 Microsoft UEFI CA 2023 Stored in DB Signs third-party boot loaders and EFI applications. Microsoft UEFI CA 2011* June 2026 Microsoft Option ROM UEFI CA 2023 Stored in DB Signs third-party option ROMs These certificates are used to validate Windows boot components, third-party bootloaders, and Secure Boot revocation updates.  If the certificates expire, then Secure Boot may break, allowing threat actors to bypass protections. As part of today's update, Microsoft is now rolling out targeted updates to systems that update Secure Boot certificates. These updates will be rolled out to additional systems over time. Microsoft states that there are no known issues with this update. Secrets Security Cheat Sheet: From Sprawl to Control Whether you're cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start. Get the cheat sheet and take the guesswork out of secrets management.