January 13, 2026—KB5073700 (Security-only update)

Applies To
Windows Server 2008 Premium Assurance

Note

  • Windows Secure Boot certificate expiration
  • Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the past months. Devices that haven’t received the newer certificates will continue to start and operate normally, and standard Windows updates will continue to install. We will continue to install the newer certificates via Windows updates in the coming months.
  • You can check your PC status on the Windows Security app. If you are an IT administrator, follow the guidance on the Secure Boot Playbook for Windows clients and Windows Server.
End of support information

Note

  • Support for Windows Server 2008 has ended
  • Windows Server 2008 Premium Assurance ended on January 13, 2026.
  • Windows Server 2008 Extended Security Updates (ESU) ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see Extended Security Updates for Windows Server overview.
  • We recommend that you upgrade to a later version of Windows Server. For more information, see Overview of Windows Server upgrades.

Summary

Learn more about this security-only update, including improvements, any known issues, and how to get the update.

Windows Server 2008

This update contains security-only improvements. The following is a summary of the key issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.

  • [Windows Deployment Services (WDS)] This update introduces a change in behavior in which WDS will stop supporting hands-free deployment functionality by default. Admins should review guidance and follow instructions provided in Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance.
  • [Drivers] This update removes the following modem drivers: agrsm64.sys (x64), agrsm.sys (x86), smserl64.sys (x64) and smserial.sys (x86). Modem hardware dependent on these specific drivers will no longer work in Windows.

For more information about the resolved security vulnerabilities, please refer to the Deployments | Security Update Guide and the January 2026 Security Updates.

Verify that you have installed the required updates in the How to get this update section before installing this update.

For information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, see Description of the standard terminology that is used to describe Microsoft software updates. To view other notes and messages for Windows Server 2008 SP2, see Windows Server 2008 SP2 update history.

Known issues in this update

For the most up-to-date information about known issues for Windows Server 2008 SP2, please go to the Windows release health dashboard.

How to get this update

Before installing this update

To install any Windows Server 2008 SP2 Security-only update released on or after January 14, 2025, we recommend you first install the latest Servicing Stack Update (SSU). If your device or offline image does not have the latest SSU installed, you might not be able to install this update.

Note

Caution: Until you install the SSU, this update might not be offered to your device. To reduce your security risk, install the SSU as soon as possible.

  • If you use Windows Update, the latest SSU (KB5071812) will be offered to you automatically. If the latest SSU is not installed, you might not be able to install this update.
  • If you use the Update Catalog, recommend you download and install the latest SSU (KB5071812). If the latest SSU is installed, you might not be able to install this update.
  • If you are a Windows Server Update Services (WSUS) administrator, you must approve SSU KB5071812 and this update KB5073700.

For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

Language packs

If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Learn about adding a language pack to Windows.

Install this update

To install this update, use one of the following release channels.


Available Next step
Not available This update is not available from Windows Update. See the Update Catalog or Server Update Services release channel.

Note

Reminder If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer (KB5066840).

File information

A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.

Download Icon Download the file information for cumulative update KB5073700 now.