Patch Tuesday Archives

Winsage

January 18, 2026

Windows 11 KB5074109 issues: black screen, freezes Outlook POP, breaks Azure Virtual Desktop, LocalizedResourceName (desktop.ini)

Windows 11 KB5074109 has caused several issues for users, particularly those with Nvidia GPUs, including black screens, Outlook freezing with POP accounts, and problems with File Explorer's desktop.ini settings. Users have reported random black screens and desktop freezes after installing the update, with some finding temporary relief by changing their monitor's DisplayPort mode. Outlook Classic has been problematic, remaining active in the background and freezing shortly after opening, prompting users to terminate the process in Task Manager or uninstall the update. Additionally, the update disrupts Azure Virtual Desktop functionality, leading to sign-in failures and connection issues. Microsoft has acknowledged these problems and is investigating solutions, including a Known Issue Rollback for AVD. The update also breaks the LocalizedResourceName directive in File Explorer, preventing folder name customization. Users can uninstall the update through Settings, but this may expose them to security vulnerabilities.

Winsage

January 17, 2026

How to fix Nvidia GPU FPS drop due to the Windows January 2026 update?

Users with Nvidia GPUs are experiencing decreased gaming performance after the January 2026 Windows update (KB5074109), which was intended to enhance security and address vulnerabilities. Reported issues include drops in frames per second (FPS), black screen freezes, display hangs, and driver crashes related to nvlddmkm errors. Nvidia has released a new GPU driver to address these problems. A temporary solution for affected users is to uninstall the KB5074109 update, although it is a security patch that may need to be reinstalled later. Users can also update their Nvidia drivers to the latest hotfix version and use Display Driver Uninstaller (DDU) in Safe Mode for better results. It is recommended to pause Windows updates until a fix is provided by Microsoft.

Winsage

January 16, 2026

For January, Patch Tuesday starts off with a bang

Users accessing Azure Virtual Desktop or Windows 365 Cloud PCs through the Windows App may experience authentication errors and credential prompt failures after installing updates KB5074109, KB5073455, or KB5073724. Microsoft is preparing an out-of-band fix and advises affected users to connect via the Remote Desktop client for Windows or the Windows App Web Client. A minor subset of users may also find the password icon missing on the Windows login screen, an issue since the August 2025 update, for which Microsoft has introduced a Known Issue Rollback for Pro and Home users, while enterprise deployments should implement an updated Group Policy. Microsoft has removed legacy Agere and Motorola soft modem drivers to address CVE-2023-31096, a security vulnerability, which will render hardware reliant on these drivers non-functional after the January updates. Additionally, certificates from 2011 used by many Windows devices will begin to expire in June and October, potentially causing boot issues or loss of access to Secure Boot security fixes for devices not updated with 2023 certificates. A new section for resolved issues has been introduced in the monthly updates, addressing challenges impacting enterprise environments.

Winsage

January 16, 2026

Sorry Dave, I’m afraid I can’t do that! PCs refuse to shutdown after Microsoft patch

Microsoft's January Patch Tuesday update has caused shutdown and hibernation issues for some Windows 11 23H2 users, with devices refusing to power down despite user commands. The problem is linked to the Secure Launch feature, which prevents shutdown, restart, and hibernation attempts from functioning correctly. Microsoft has suggested a workaround using the command "shutdown /s /t 0" to force shutdown. They have not disclosed how many devices are affected or provided a timeline for a fix. Additionally, there is a separate issue affecting classic Outlook POP account profiles that may freeze or hang after the update.

Winsage

January 15, 2026

Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm

Microsoft and the U.S. government have issued a warning about a vulnerability in Windows, designated CVE-2026-20805, which is currently being exploited. This flaw allows an authorized attacker to leak a memory address from a remote ALPC port, potentially leading to arbitrary code execution. It has a medium severity rating of 5.5 on the CVSS scale. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog and requires federal agencies to implement a patch by February 3. Additionally, two other vulnerabilities were acknowledged: CVE-2026-21265, a secure boot certificate expiration bypass with a CVSS rating of 6.4, and CVE-2023-31096, an elevation of privilege flaw affecting third-party Agere Modem drivers, rated at 7.8. Two more vulnerabilities, CVE-2026-20952 (CVSS 7.7) and CVE-2026-20953 (CVSS 7.4), are use-after-free flaws in Office that could allow unauthorized code execution.

Winsage

January 14, 2026

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft Windows vulnerability, CVE-2026-20805, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 8.7. This vulnerability, part of the January 2026 Patch Tuesday updates, affects the Windows Desktop Window Manager and allows attackers to leak memory information, potentially aiding in further exploits. Federal Civilian Executive Branch agencies must address this vulnerability by February 3, 2026, as mandated by Binding Operational Directive 22-01.

Winsage

January 14, 2026

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

On Tuesday, Microsoft released its first security update for 2026, addressing 114 vulnerabilities, including eight classified as Critical and 106 as Important. The vulnerabilities include 58 related to privilege escalation, 22 concerning information disclosure, 21 linked to remote code execution, and five categorized as spoofing flaws. A notable vulnerability, CVE-2026-20805, involves information disclosure within the Desktop Window Manager (DWM) and has a CVSS score of 5.5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement fixes by February 3, 2026. Additionally, Microsoft announced the expiration of three Windows Secure Boot certificates issued in 2011, effective June 2026, urging customers to transition to newer certificates to avoid disruptions. The update also removed vulnerable Agere Soft Modem drivers due to a local privilege escalation flaw (CVE-2023-31096) and addressed another critical privilege escalation flaw in Windows Virtualization-Based Security (CVE-2026-20876) with a CVSS score of 6.7. Other vendors, including Adobe, Amazon Web Services, and Cisco, have also released security patches for various vulnerabilities.

Winsage

January 13, 2026

Microsoft fixes 114 flaws in year’s first Windows 11 Patch Tuesday

Microsoft's January 2026 Patch Tuesday update, KB5074109, addresses 114 vulnerabilities, including a critical zero-day vulnerability (CVE-2026-20805) in the Windows Desktop Window Manager (DWM) that has been actively exploited. The update is applicable to Windows 11 versions 24H2 and 25H2 and includes security enhancements and updates to AI components. Other high-severity vulnerabilities addressed include CVE-2026-20816 (privilege escalation in Windows Installer), CVE-2026-20817 (elevation of privilege in Windows Error Reporting), CVE-2026-20840 (vulnerability in Windows NTFS), CVE-2026-20843 (flaw in Routing and Remote Access Service), CVE-2026-20860 (vulnerability in Ancillary Function Driver for WinSock), and CVE-2026-20871 (another DWM vulnerability). The update removes legacy modem drivers to minimize the attack surface and resolves reliability issues in Azure Virtual Desktop and WSL networking. It also changes the default setting for Windows Deployment Services (WDS) to disable hands-free deployment. Users can install the update through Windows Update, and a system reboot is required for full application.

Winsage

January 11, 2026

Microsoft Tests Uninstall Option for Copilot AI on Windows Devices

Microsoft is testing a new policy that allows IT administrators to completely uninstall its Copilot AI assistant from managed Windows devices. This policy, named “RemoveMicrosoftCopilotApp,” is being deployed through management tools like Intune and System Center Configuration Manager (SCCM) and addresses concerns about data privacy, resource consumption, and unwanted software in commercial settings. The feature is currently available in Windows 11 Insider Preview Build 26220.7535 (KB5072046) and reflects feedback from IT professionals who prefer controlled environments. While this option is exclusive to enterprise-tier Microsoft 365 subscribers, smaller businesses and individual users have limited options for removal. The policy aims to balance innovation with risk management, especially in regulated sectors like healthcare and finance, where data privacy is critical.

Winsage

January 6, 2026

Windows 11 AI components are getting their own changelogs (release history), as Microsoft plans model updates

Microsoft has released a support document titled “Release information for AI components” that details the AI components integrated into Windows 11, which can be installed through Windows Update or accessed via the Microsoft Update Catalog. These components are essential for enabling various AI models to operate locally on devices, and installations typically occur automatically on compatible PCs with 40+ TOPs of NPU. The size of Windows 11 Patch Tuesday updates has increased significantly, now ranging from 4-5GB, compared to previous updates that were under 800MB. Users can manage AI components through Settings > System > AI Components, although this page is empty for older PCs. The changelog includes individual components like the Settings Model, Image Search, Semantic Analysis, and Content Extraction, as well as lower-level elements such as Execution Provider. Updates for these AI models occur every few weeks, often without visible changes.