KB5073457 is the January 13, 2026 cumulative security update for Windows Server 2022. It takes the OS to build 20348.4648, and it is a security update — you cannot simply skip it and forget about it.
It also broke several things. If you installed KB5073457 and Remote Desktop sign-ins started failing, or applications began hanging when saving to OneDrive, or Outlook froze on PST files, you are not troubleshooting a coincidence. Those are documented consequences of this specific update, and Microsoft has since shipped follow-up patches for most of them.
This guide covers what KB5073457 actually broke, which official update fixes each problem, and what to do if the update won’t install in the first place.
⚠️ Before you start
Do not uninstall KB5073457 as your first move. It is a security update, and removing it re-exposes the server to everything it patched. In almost every case the correct response is to install the follow-up update that fixes the regression — not to roll back. If you must remove it temporarily on a production server, treat that as an emergency mitigation with a hard deadline, not a solution.
Table of Contents
- What KB5073457 is
- Known issue 1: Remote Desktop sign-in failures
- Known issue 2: OneDrive and Dropbox app hangs
- Known issue 3: Outlook PST files hanging
- Known issue 4: VSM shutdown and hibernate failures
- Fix 5: When KB5073457 won’t install at all
- Should you install it?
- FAQ
What KB5073457 Is
KB5073457 is a cumulative update for Windows Server 2022, released on Patch Tuesday, January 13, 2026. Cumulative means it rolls up the security fixes and quality improvements from previous months, including the optional preview release that preceded it — so installing it brings the server current, and there is no need to hunt down earlier packages first.
It also carries a security hardening change that restricts certain applications from autofilling credentials during remote support sessions and automated authentication workflows. That behavioural change is deliberate, not a bug, and it is worth knowing about, because it can look like a broken tool when a helpdesk application suddenly stops passing credentials the way it used to.
You can confirm whether KB5073457 is present by running winver — build 20348.4648 means it installed.
Known Issue 1: Remote Desktop Sign-In Failures (Fix: KB5077800)
This is the one that hit hardest. After installing KB5073457, credential prompts started failing during Remote Desktop connections made through the Windows App on client devices. Azure Virtual Desktop and Windows 365 environments were affected, with users simply unable to sign in.
The fix: Microsoft released KB5077800 on January 17, 2026 as an out-of-band update — four days after the problem update — taking the build to 20348.4650. It resolves the Remote Desktop sign-in failures directly.
If you are on 20348.4648 and RDP is broken, install KB5077800. Do not roll back KB5073457 to get RDP working; you would be trading a login problem for an unpatched server.
Known Issue 2: OneDrive and Dropbox App Hangs (Fix: KB5078136)
The second regression is broader and affects ordinary work, not just administration. After KB5073457, some applications became unresponsive or threw unexpected errors when opening files from, or saving files to, cloud-based storage such as OneDrive or Dropbox.
If your users are reporting that an application “just freezes” when they hit Save on a document in a synced folder, and the timeline lines up with your January patching window, this is almost certainly the cause.
The fix: Microsoft addressed this in KB5078136. Install it, and the cloud-storage behaviour returns to normal.
Known Issue 3: Outlook PST Files Hanging (Same Fix: KB5078136)
This is the same root cause as issue 2, but it deserves its own section because it presents very differently and is easy to misdiagnose as an Outlook problem.
In configurations where Outlook stores PST files on OneDrive — a setup that is common and, frankly, always fragile — KB5073457 could cause Outlook to hang and refuse to reopen unless the process was killed or the machine restarted. Users also reported missing Sent Items, and previously downloaded emails being re-downloaded from scratch.
If you have been chasing a “corrupted mailbox,” check the patch level first. The fix is KB5078136, the same update that addresses the general cloud-storage hangs.
A broader lesson worth taking from this: storing PST files on cloud-synced folders is not a supported configuration and never has been. This incident exposed how many organisations were quietly doing it anyway.
Known Issue 4: VSM Shutdown and Hibernate Failures
A narrower one, but painful if it hits you. Some Secure Launch-capable machines with Virtual Secure Mode enabled could fail to shut down or hibernate after installing KB5073457.
If you run VSM and you are seeing machines hang at shutdown, this is a known consequence of the update rather than a hardware fault. Check Microsoft’s update page for the current mitigation status before you start replacing power supplies.
Fix 5: When KB5073457 Won’t Install at All
Separately from the regressions, a number of Windows Server 2022 admins have reported that KB5073457 simply fails to install, commonly with error 0x80073701 or 0x80073712. Both point to the same underlying condition: a damaged or incomplete component store.
Work through these in order:
1. Repair the component store.
sfc /scannow
DISM /Online /Cleanup-Image /RestoreHealth
Run SFC first, then DISM. Reboot between them. Then retry the update.
2. Read the CBS log properly. Open C:\Windows\Logs\CBS\CBS.log and search for SXS_ASSEMBLY_MISSING or the error code itself. This tells you the exact package that is missing, rather than leaving you guessing.
3. Reset the Windows Update components. Stop the update services, clear SoftwareDistribution, restart the services, and try again.
4. Check your WSUS or Group Policy. If the server is managed, a WSUS instance that lacks the metadata for KB5073457, or a policy pinning a target version, will block the install with confusing errors. Test by pulling the update directly from Microsoft rather than through your internal server.
5. Install manually from the Microsoft Update Catalog. Download the .msu from the Microsoft Update Catalog and install it offline. This bypasses the entire Windows Update pipeline and often works when the automated path does not.
6. In-place repair as a last resort. If DISM cannot fix the store, mounting an ISO of the exact same build and running an in-place repair upgrade is the reliable path. Back up first.
Should You Install KB5073457?
Yes — but not alone.
KB5073457 is a security update. The known issues are real and disruptive, but they are all either fixed by a subsequent update or scoped to specific configurations. Skipping a security patch to avoid a login bug is not a trade any administrator should be making.
The right approach: deploy KB5073457 together with KB5077800 and KB5078136 in the same maintenance window, so the regressions never reach your users. If you have a test ring, put it through there first — this update is a good argument for having one.
Also worth flagging while you are patching: Secure Boot certificates on most Windows devices begin expiring in June 2026. That deadline affects Server 2022 too, and it is not something you want to discover the week it lands.
FAQ About KB5073457
What build number does KB5073457 install? OS Build 20348.4648 on Windows Server 2022. Run winver to confirm. If you also applied the out-of-band fix, you will see 20348.4650.
Can I uninstall KB5073457? Technically yes, and Microsoft strongly advises against it. It is a security update. Install the follow-up patches instead of rolling it back.
Does KB5073457 affect Windows Server 2019 or 2016? No. KB5073457 is specific to Windows Server 2022. The January 2026 equivalents were KB5073723 for Server 2019 and KB5073722 for Server 2016 — different packages, different known issues.
Why does my helpdesk tool stop passing credentials after KB5073457? That is likely the intentional security hardening, not a bug. KB5073457 restricts some applications from autofilling credentials during remote support sessions. Check with your tool’s vendor for a supported workaround rather than trying to undo the hardening.
How long should I wait before deploying KB5073457? The follow-up fixes already exist, so there is no reason to keep waiting. Deploy all three together.
If you are running Windows Server 2022 and hitting this patch cycle without a valid license, Kymakers supplies genuine Windows Server 2022 Standard and Datacenter keys with instant delivery and activation support. Our guide to downloading, installing, and activating your Microsoft license covers the process. If you are still on Server 2019, our Server 2019 end of life breakdown explains why that clock matters.
Official Microsoft references: KB5073457 release notes · KB5077800 out-of-band fix







