Software Security Compliance

Microsoft’s January Patch Tuesday focuses on security fixes and legacy modem driver removal in Windows 11 and 10

Wed, 14 Jan 2026 17:14:47 +0000

Microsoft releases its first Patch Tuesday of 2026, prioritising security enhancements and bug fixes for Windows 11 and 10, including the removal of outdated modem drivers to address security risks.

Microsoft has issued its first regular Patch Tuesday of 2026, distributing cumulative updates for Windows 11 (25H2 and 24H2 via KB5074109, and 23H2 via KB5073455) and for eligible Windows 10 systems (KB5073724). According to ComputerBase, the roll‑out is focused on bug fixes and security hardening rather than new features, following the omission of an optional update at the end of December because of the holidays. ^[1]^[6]

The updates address a range of stability issues. Microsoft says the Windows 11 package corrects a WSL (Windows Subsystem for Linux) bug that could cause VPN connections to abort with a “No Route to Host” error, and fixes a condition in devices with a neural processing unit (NPU) that could leave the AI processor active while idle, increasing power draw. The WinSqlite3.dll component has also been updated after some security products flagged it as vulnerable. These changes are documented in Microsoft’s support notes for the January 13, 2026 releases. ^[1]^[4]

A notable and user‑impacting change is the removal of several legacy modem drivers, agrsm64.sys, agrsm.sys, smserl64.sys and smserial.sys, from supported builds. Microsoft warns that modems dependent on these drivers will no longer function after the update because of an identified security risk. ComputerBase and the Microsoft support pages make clear this is an intentional removal to mitigate those risks. ^[1]^[2]^[4]

For Windows 10, the January update is being made available primarily through the Extended Security Updates (ESU) channel for 22H2 and 21H2 customers and for organisations with extended servicing, rather than general consumer channels. PureInfotech and Microsoft support documentation note that the same modem‑driver removals and component updates apply to the Windows 10 ESU release (KB5073724). Administrators running legacy modem hardware should therefore validate device compatibility before deploying the update broadly. ^[3]^[2]

The Patch Tuesday packages also include platform security improvements beyond individual component fixes. Microsoft describes enhancements to Secure Boot certificate management that limit the delivery of new certificates until devices have demonstrated a sufficient history of successful updates, a measure intended to reduce the risk of improperly validated boot components. Industry coverage summarises these platform‑level hardenings alongside the other bug fixes. ^[4]^[5]^[6]

Across the January releases Microsoft has closed 112 security vulnerabilities, with some entries reaching up to 8.8 on the CVE severity scale, underlining the importance of timely installation for systems exposed to internet‑facing risks. Security reporting and the vendor advisories recommend patching promptly while testing for any hardware compatibility issues that the modem driver removals might create. ^[1]^[6]

There are no new consumer features in this cycle; the update is principally maintenance and mitigation. Organisations and users with legacy modem hardware or who rely on Windows 10 beyond mainstream support should consult Microsoft’s support articles and their hardware vendors for compatibility guidance before applying the updates. ^[1]^[2]^[3]

📌 Reference Map:

- ^[1] (ComputerBase) - Paragraph 1, Paragraph 2, Paragraph 3, Paragraph 6, Paragraph 7
- ^[2] (Microsoft Support KB5073724) - Paragraph 3, Paragraph 4, Paragraph 6, Paragraph 7
- ^[3] (PureInfotech) - Paragraph 4, Paragraph 6
- ^[4] (Microsoft Support KB5074109) - Paragraph 2, Paragraph 5, Paragraph 6
- ^[5] (PureInfotech Windows 11 summary) - Paragraph 5, Paragraph 6
- ^[6] (WindowsReport) - Paragraph 1, Paragraph 2, Paragraph 5, Paragraph 6

Source: Noah Wire Services

Reports: cultural shift needed to unlock workplace AI adoption

Mon, 08 Dec 2025 08:07:16 +0000

New survey data reveals that organisations' success with AI depends more on cultural change and leadership transparency than on technical access, highlighting the importance of trust, training, and employee involvement to drive effective adoption.

At a moment when organisations are pouring resources into generative and other AI technologies, new survey data suggests the real barrier to effective adoption is cultural rather than technical. According to the original report from Great Place To Work, while most employees worldwide now have access to AI at work, fewer than half feel excited about it or trust their employer to use it responsibly. ^[1]

The research finds that leadership behaviours , not simply tool availability , most strongly predict whether employees will adopt AI. Industry data shows employees are 2.5 times more likely to use AI when leaders visibly support it, and more than twice as likely when leaders explain how AI can benefit their careers. This aligns with analysis from Great Place To Work on common pitfalls, which warns that failing to be transparent or to involve employees in decisions can quickly erode trust in AI initiatives. ^[1]^[2]

A persistent communications gap exists between executives and frontline staff. According to the survey, 83% of executives believe their message about AI is getting through, yet only 37% of frontline workers agree; similarly, 81% of executives say they are encouraging AI use while just 33% of frontline employees feel encouraged. The study and related guidance both emphasise that tailored, two-way engagement with frontline teams is critical to close this divide. ^[1]^[3]

Training and peer support also materially affect adoption. The research reports that employees who receive training are far more likely to be active AI users , 94% of trained employees use AI compared with 52% of those who want training but have not received it. Great Place To Work’s advice further notes that employee resource groups and collaborative communities provide safe spaces for experimentation, increasing uptake and trust. ^[1]^[2]^[3]

The cultural readiness problem is widespread: Great Place To Work’s 2024 survey of 43,000 employees across 69 countries found two out of three organisations were not culturally or operationally prepared for AI transformation. Industry commentators caution that rushing pilots without employee involvement risks costly rollbacks , echoing S&P Global and McKinsey findings that many pilot projects stall and that reported financial impact has so far been limited for many firms. ^[1]

To help organisations assess alignment and readiness, Great Place To Work (in partnership with Cadence Design Systems) developed the AI For All Index™, a 12-question assessment designed to measure how well workplaces are set up for equitable, trusted AI adoption. The company says the index draws on responses from tens of thousands of employees to highlight where leadership, training and peer networks need strengthening. ^[1]

Taken together, the evidence points to a clear sequence for leaders: invest in skills and peer networks, communicate benefits and safeguards plainly, and involve employees , especially frontline workers , in designing AI-driven changes. Industry guidance stresses that doing so not only improves adoption but helps avoid trust-eroding mistakes that can derail longer-term value creation. ^[2]^[3]^[1]

📌 Reference Map:

Reference Map:

- ^[1] (Great Place To Work blog) - Paragraph 1, Paragraph 2, Paragraph 3, Paragraph 4, Paragraph 5, Paragraph 6, Paragraph 7
- ^[2] (Great Place To Work blog: "AI-powered mistakes & trust") - Paragraph 2, Paragraph 4, Paragraph 7
- ^[3] (Great Place To Work UK: "AI adoption strategies") - Paragraph 3, Paragraph 4, Paragraph 7

Source: Fuse Wire Services

Google accelerates shift to passkeys to combat rising cyber threats and scams

Mon, 10 Nov 2025 09:53:23 +0000

Amid a surge in global scams and sophisticated AI-driven cyberattacks, Google is intensifying its push for Gmail users to adopt passkeys, aiming to strengthen authentication and reduce password-related vulnerabilities.

Google is intensifying its push for Gmail users to abandon passwords in favour of passkeys, amid rising global scams and sophisticated AI-driven cyber threats. The company highlights that scams remain a persistent global issue, with transnational criminal groups increasingly targeting users via phishing emails, malicious texts, and fraudulent calls in attempts to steal credentials for financial gain. According to Google, 57% of adults have encountered scams in the past year, and 23% have suffered monetary losses. These escalating dangers come as organised crime syndicates, including Chinese cyber gangs, exploit AI tools to scale and refine their schemes.

Google initially recommended switching from passwords to passkeys in 2023, positioning passkeys as a more secure alternative rather than responding to any specific breach. The company emphasises that passkeys verify account access by confirming possession of and unlocking a user's device, thereby defending against phishing and risks associated with reused or exposed passwords. Although reports have circulated about large compilations of breached Gmail credentials, such as one listing 394 million unique Gmail addresses, Google urges users to adopt passkeys for stronger protection. The move aligns with similar recommendations from Microsoft, which advises users to eliminate passwords entirely.

Passkeys are now integral to Google's authentication ecosystem, enabling users to bypass both passwords and two-step verification when signing in. Google has reported a 352% increase in passkey adoption in the past year, driven by the security and convenience they offer. The company also plans to monitor sign-ins that fall back on passwords more closely, aiming to tighten security further. Google accounts serve as a Single Sign-On (SSO) platform for many users, granting access to numerous services, which magnifies the consequences of compromised credentials. Industry data from NordPass reveals that Google powers nine out of ten SSO options on the most visited global websites, while 86% of basic web app attacks exploit stolen credentials. Consequently, Google's promotion of passkeys addresses a critical vulnerability in online security.

This transition is part of a broader move by Google to establish passkeys as the default sign-in method, announced last October. Passkeys allow users to authenticate using biometrics or a PIN, eliminating the need for traditional passwords and delivering a more user-friendly and phishing-resistant experience. Updates have extended the flexibility of passkeys across a wide range of devices, with Google Password Manager now supporting passkey storage and sync on desktop platforms such as Windows, macOS, Linux, and Android, alongside ChromeOS in beta. These passkeys are safeguarded with end-to-end encryption and an additional PIN on Google Password Manager, making them accessible only to the user.

Security is further reinforced by the encrypted storage of passkeys on devices using hardware-protected encryption keys. This encryption prevents even Google from accessing users' passkeys directly. Recovery options allow users to regain account access or add new devices by verifying identity through existing device lockscreens or passwords. Google's Advanced Protection Program has integrated passkeys for high-risk users, reinforcing the company's commitment to a passwordless future.

The drive towards passkeys responds not only to the increasing scale of cyber threats but also to longstanding challenges around password security. Studies show that poor password habits are often reinforced by websites that fail to enforce strong credential policies, pushing users towards convenience over security. By pioneering passkeys in collaboration with the FIDO Alliance, Google is promoting a standard that offers resistance to phishing and simplifies authentication, offering users a safer, streamlined online experience.

📌 Reference Map:

- ^[1] (Dataconomy) - Paragraphs 1, 2, 3, 4, 5
- ^[2] (Google Blog October 2023) - Paragraph 6
- ^[4] (Google Blog September 2024) - Paragraph 7
- ^[6] (Google Security Blog May 2024) - Paragraph 8
- ^[5] (Google Blog April 2024) - Paragraph 8
- ^[7] (Google Blog May 2023) - Paragraph 9

Source: Noah Wire Services