Microsoft releases Windows 10 KB5099539 extended security update

1 hour ago 9

Windows 10

Microsoft has released the Windows 10 KB5099539 extended security update, which includes the July 2026 Patch Tuesday security updates for 570 vulnerabilities, along with additional security fixes.

Initially, Microsoft only offered consumers one year of extended security updates. However, last month, Microsoft quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to receives security updates until October 12, 2027.

If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.'

image

Windows 10 KB5099539 updateWindows 10 KB5099539 update
Source: BleepingComputer

After installing this update, Windows 10 will be updated to build 19045.7548, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.7548.

What's new in Windows 10 KB5099539

Microsoft is no longer releasing new features for Windows 10, and the KB5099539 update primarily contains security updates and bug fixes.

The update also includes fixes released as part of today's record-breaking July 2026 Patch Tuesday, which fixed a record-breaking 570 vulnerabilities, including two exploited and one publicly disclosed zero-day flaws.

The complete list of fixes in KB5099539 is listed below:

  • [OLE Automation (known issue)] Fixed: Addresses a compatibility issue in OLE Automation (oleaut32.dll) that was introduced by the June 2026 security update. Some applications that use the IDispatch::Invoke method to call COM methods with BYREF parameters that share the same underlying storage might fail. These failures can include parameter marshaling errors or automation call failures. This update corrects how parameter ownership is managed and restores expected application behavior.

  • [File Explorer (known issue)] Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode.

  • [Recycle Bin (known issue)] Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file.

  • [Input] This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected. If the issue is not resolved, report it through the Feedback Hub.

  • [Secure Boot]

    • This update enables dynamic status reporting for Secure Boot states in Windows Security App.
    • This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.
  • [Networking] This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026.

  • [Remote Desktop (RDP) Security] Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group Policy to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.

Microsoft warns that hardening network security by enforcing TDI transport registration requirements could cause issues with legacy applications.

Windows users can check if this change impacts them by checking the Event Viewer for Event 16003 entries.

"To determine if you have a TDI transport that is affected by this change, check the Windows System event logs in Event Viewer > Windows > System," explains Microsoft.

"If you find an AFD Event ID: 16003 "An unregistered TDI provider (\Driver<Name>) was detected", then your TDI transport is affected by this change."

Otherwise, Microsoft says there are no known issues with this update.

article image

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Read Entire Article