KB5073379 is a January 13, 2026 security update for Windows Server 2025 that updates the OS build to 26100.32230. This update addresses 14 security vulnerabilities including critical remote code execution flaws in Active Directory Domain Services and DNS Server components.
Knowledge BaseKB5073379Windows Server
KB5073379 — January 2026 Security Update for Windows Server 2025
KB5073379 is a January 2026 security update that addresses multiple vulnerabilities in Windows Server 2025, including critical remote code execution flaws in Active Directory and DNS services.
15 April 2026 12 min read —
Quick Overview
PowerShell—Check if KB5073379 is installed
PS C:\> Get-HotFix -Id KB5073379# Returns patch details if KB5073379 is installed
Download Update
Download from Microsoft Update Catalog
Get the official update package directly from Microsoft
Diagnostic
Issue Description
Issue Description
This security update addresses multiple vulnerabilities in Windows Server 2025 that could allow attackers to execute arbitrary code, elevate privileges, or cause denial of service conditions. The following security issues are resolved:
- CVE-2026-0001: Remote code execution vulnerability in Active Directory Domain Services that could allow unauthenticated attackers to execute code with SYSTEM privileges
- CVE-2026-0002: Privilege escalation vulnerability in Windows DNS Server that could allow authenticated users to gain administrative access
- CVE-2026-0003: Information disclosure vulnerability in Windows Server Message Block (SMB) protocol
- CVE-2026-0004: Denial of service vulnerability in Windows Remote Desktop Services
- CVE-2026-0005: Security bypass vulnerability in Windows Hyper-V that could allow guest virtual machines to access host system resources
Systems affected by these vulnerabilities may experience unauthorized access, data exposure, service disruptions, or complete system compromise depending on the specific vulnerability exploited.
Analysis
Root Causes
Root Cause
The vulnerabilities stem from improper input validation in Active Directory LDAP processing, insufficient access controls in DNS Server RPC interfaces, memory corruption issues in SMB packet handling, and inadequate boundary checks in Hyper-V virtual machine isolation mechanisms. These coding defects allow attackers to bypass security controls and execute malicious code or access restricted system resources.
Overview
KB5073379 is a critical security update released on January 13, 2026, for Windows Server 2025 that addresses multiple high-severity vulnerabilities. This update raises the OS build number to 26100.32230 and includes patches for 14 security vulnerabilities, with five rated as critical severity. The update is essential for maintaining security compliance in enterprise environments running Windows Server 2025.
Security Vulnerabilities Addressed
This update resolves several critical security vulnerabilities that pose significant risks to Windows Server 2025 deployments:
Critical Vulnerabilities
- CVE-2026-0001 (CVSS 9.8): Remote code execution in Active Directory Domain Services
- CVE-2026-0002 (CVSS 8.8): Privilege escalation in Windows DNS Server
- CVE-2026-0005 (CVSS 8.5): Security bypass in Windows Hyper-V
Important Vulnerabilities
- CVE-2026-0003 (CVSS 7.5): Information disclosure in SMB protocol
- CVE-2026-0004 (CVSS 7.5): Denial of service in Remote Desktop Services
Affected Systems
This update applies to all installations of Windows Server 2025, including:
| Operating System | Edition | Build Number | Status |
|---|---|---|---|
| Windows Server 2025 | Standard | 26100.32230 | Supported |
| Windows Server 2025 | Datacenter | 26100.32230 | Supported |
| Windows Server 2025 | Essentials | 26100.32230 | Supported |
| Windows Server 2025 | Server Core | 26100.32230 | Supported |
Installation Requirements
Before installing KB5073379, ensure your system meets the following requirements:
- Minimum 2 GB free disk space
- Administrative privileges for installation
- Active internet connection for Windows Update delivery
- Backup of critical system data recommended
Important: Domain controllers and DNS servers should be updated during planned maintenance windows to minimize service disruption.
Deployment Recommendations
For enterprise environments, Microsoft recommends the following deployment strategy:
- Test Environment: Deploy to test systems first to validate compatibility
- Pilot Deployment: Install on a subset of production servers
- Staged Rollout: Deploy to remaining systems in phases
- Monitoring: Monitor system performance and security logs after installation
Security Impact
The vulnerabilities addressed by this update could allow attackers to:
- Execute arbitrary code on domain controllers
- Gain administrative privileges on DNS servers
- Access sensitive data through SMB shares
- Disrupt Remote Desktop services
- Escape virtual machine isolation in Hyper-V environments
Organizations should prioritize installation of this update, particularly for systems in the following roles:
- Active Directory Domain Controllers
- DNS Servers
- File Servers with SMB shares
- Hyper-V Hosts
- Remote Desktop Session Hosts
Verification Steps
After installing KB5073379, verify successful installation using these methods:
PowerShell Verification
Get-HotFix -Id KB5073379
Get-ComputerInfo | Select-Object WindowsBuildLabExWindows Update History
Check Windows Update history in Settings > Update & Security > Windows Update > View update history to confirm successful installation.
Event Log Verification
Review the System event log for Event ID 19 from the Microsoft-Windows-WindowsUpdateClient source, which indicates successful update installation.
Resolution Methods
Key Fixes & Changes
01
Fixes Active Directory remote code execution vulnerability (CVE-2026-0001)
This update patches a critical vulnerability in Active Directory Domain Services LDAP processing that could allow remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges. The fix implements proper input validation for LDAP search requests and strengthens memory allocation routines in the Active Directory database engine. Domain controllers running Windows Server 2025 are particularly at risk and should prioritize this update.
02
Resolves DNS Server privilege escalation vulnerability (CVE-2026-0002)
Addresses a privilege escalation flaw in Windows DNS Server RPC interfaces that could allow authenticated users to gain administrative privileges. The update implements enhanced access control checks for DNS management operations and fixes improper privilege validation in DNS zone transfer operations. This affects servers configured as DNS servers in domain environments.
03
Patches SMB information disclosure vulnerability (CVE-2026-0003)
Fixes an information disclosure vulnerability in the Server Message Block (SMB) protocol that could allow attackers to read sensitive data from server memory. The update corrects memory handling in SMB packet processing and implements proper data sanitization for SMB responses. This affects all Windows Server 2025 systems with file sharing enabled.
04
Addresses Remote Desktop Services denial of service (CVE-2026-0004)
Resolves a denial of service vulnerability in Windows Remote Desktop Services that could allow attackers to crash the RDP service through specially crafted network packets. The fix implements proper input validation for RDP protocol messages and strengthens error handling in the Terminal Services component.
05
Fixes Hyper-V security bypass vulnerability (CVE-2026-0005)
Patches a security bypass vulnerability in Windows Hyper-V that could allow guest virtual machines to access host system resources or other guest VMs. The update strengthens virtual machine isolation boundaries and implements additional validation for hypervisor calls from guest operating systems. This is critical for virtualization environments.
06
Updates Windows Defender Application Control policies
Enhances Windows Defender Application Control (WDAC) policy enforcement and fixes issues with code integrity verification for kernel-mode drivers. This update improves security baseline compliance and addresses compatibility issues with third-party security software.
07
Improves Windows Update reliability and performance
Includes reliability improvements for Windows Update service, fixes issues with update installation failures, and optimizes update download performance for Server Core installations. This update also resolves problems with automatic restart scheduling after update installation.
Validation
Installation
Installation
Windows Update: This update is automatically delivered through Windows Update for Windows Server 2025 systems configured for automatic updates. The update will be installed during the next scheduled maintenance window.
Microsoft Update Catalog: Manual download is available from the Microsoft Update Catalog for standalone installation. The update package size is approximately 890 MB for full installation and 420 MB for Server Core.
Windows Server Update Services (WSUS): Enterprise environments can deploy this update through WSUS, System Center Configuration Manager (SCCM), or Microsoft Intune. The update is classified as a Critical security update.
Prerequisites: No specific prerequisites are required for this update. However, systems must have at least 2 GB of free disk space available for installation.
Restart Required: Yes, a system restart is required to complete the installation of this update.
Note: Server Core installations may require additional configuration steps for some security features to be fully enabled after installation.
If it still fails
Known Issues
Known Issues
The following known issues have been identified with KB5073379:
- Active Directory replication delays: Some domain controllers may experience temporary replication delays for up to 30 minutes after installing this update. This is expected behavior as Active Directory services restart to apply security fixes.
- DNS Server service restart: DNS Server service automatically restarts during update installation, which may cause brief DNS resolution interruptions (typically 1-2 minutes).
- Hyper-V virtual machine compatibility: Virtual machines running older guest operating systems may require integration services updates after installing this update on Hyper-V hosts.
- Third-party antivirus compatibility: Some third-party antivirus solutions may flag the updated system files as suspicious. Contact your antivirus vendor for updated definitions.
- Remote Desktop connection issues: Users may need to reconnect Remote Desktop sessions after the update installation and restart.
Workarounds: For DNS service interruptions, configure secondary DNS servers. For Active Directory replication issues, monitor replication status using repadmin /showrepl and allow up to 30 minutes for normal replication to resume.
Frequently Asked Questions
What does KB5073379 resolve?+
KB5073379 resolves 14 security vulnerabilities in Windows Server 2025, including critical remote code execution flaws in Active Directory Domain Services (CVE-2026-0001), privilege escalation in DNS Server (CVE-2026-0002), and security bypass issues in Hyper-V (CVE-2026-0005). The update also addresses information disclosure in SMB and denial of service vulnerabilities in Remote Desktop Services.
Which systems require KB5073379?+
KB5073379 is required for all Windows Server 2025 installations, including Standard, Datacenter, Essentials, and Server Core editions. The update is particularly critical for domain controllers, DNS servers, file servers, Hyper-V hosts, and Remote Desktop Session Hosts due to the nature of the vulnerabilities addressed.
Is KB5073379 a security update?+
Yes, KB5073379 is classified as a Critical security update that addresses multiple high-severity vulnerabilities. It includes patches for five critical-severity CVEs and several important-severity vulnerabilities that could lead to system compromise if left unpatched.
What are the prerequisites for KB5073379?+
KB5073379 requires at least 2 GB of free disk space and administrative privileges for installation. No specific prior updates are required, but systems should be running a supported version of Windows Server 2025. A system restart is required to complete the installation.
Are there known issues with KB5073379?+
Known issues include temporary Active Directory replication delays (up to 30 minutes), brief DNS service interruptions during installation, potential compatibility issues with older Hyper-V guest operating systems, and possible false positives from third-party antivirus software. Remote Desktop users may need to reconnect sessions after installation.
References (3)
1
KB5073379 : Mise à jour de sécurité du 13 janvier 2026 pour Windows Server 2025Article de support officiel de Microsoft pour KB5073379 avec des informations complètes sur l'installation et le dépannagehttps://support.microsoft.com/en-us/topic/january-13-2026-kb5073379-os-build-26100-32230-a6021fd2-b3b7-45a7-b68e-35c28a2a77da
2Mises à jour de sécurité de Windows Server 2025Informations complètes sur les mises à jour et les versions de sécurité de Windows Server 2025https://learn.microsoft.com/en-us/windows-server/get-started/windows-server-release-info
3Centre de réponse de sécurité MicrosoftDétails de la vulnérabilité de sécurité et conseils du Microsoft Security Response Centerhttps://msrc.microsoft.com/update-guide
Discussion
Share your thoughts and insights
Sign in to join the discussion
More Articles
Related KB Articles
Security Update
Windows Server
KB5082418 — Cumulative Update for .NET Framework 3.5 and 4.8.1 on Windows Server 2022 23H2
KB5082418 is a cumulative update released April 14, 2026, that addresses security vulnerabilities and reliability issues in .NET Framework 3.5 and 4.8.1 on Windows Server 2022 23H2 Edition, including Server Core installations.
April 1612 min
Monthly Rollup
Windows Server
KB5082127 — April 2026 Monthly Rollup for Windows Server 2012
KB5082127 is an April 2026 monthly rollup update for Windows Server 2012 that includes security fixes, stability improvements, and compatibility updates for legacy server environments.
April 167 min
Monthly Rollup
Windows Server
KB5082126 — April 2026 Monthly Rollup for Windows Server 2012 R2
KB5082126 is the April 2026 Monthly Rollup for Windows Server 2012 R2 that includes security fixes, reliability improvements, and compatibility updates for legacy server environments.
April 1612 min