Skip to main content
TechnologyMay 13, 2026· 2 min read

Windows 10 Updates Again with KB5087544: What Changes with the Extended Update

Microsoft has started distributing the cumulative update KB5087544 for Windows 10, integrated into the Extended Security Update (ESU) program. Although the operating system has not received new aesthetic or functional features for some time, the May package proves essential for the stability and security of the infrastructure. The installation brings the build number to version 19045.7291 (19044.7291 for the Enterprise LTSC 2021 editions) and is available through the usual Windows Update channel for all devices enrolled in the extended support program.

One of the highlights of this release concerns the fix for a known problem affecting Remote Desktop (RDP) connections. Following the April update, many users reported that RDP security warning windows were displayed incorrectly on multi-monitor setups characterized by different scaling levels. KB5087544 restores the correct rendering of these elements, eliminating the visual anomalies encountered when opening .rdp files.

Windows 10 KB5087544: Security at the Center of May's Patch Tuesday

The May 2026 security bulletin is particularly substantial, with a total of 120 vulnerabilities resolved by Microsoft. Despite the absence of active zero-day exploits at the time of release, the severity of some flaws requires prompt intervention. The report highlights 17 critical vulnerabilities, of which 14 allow for Remote Code Execution (RCE). The categorization of the bugs sees a prevalence of privilege escalation flaws (61 cases), followed by 31 RCE vulnerabilities and 14 related to the disclosure of sensitive information.

Several key components come under scrutiny. Particularly insidious are the flaws fixed in Microsoft Office, Word, and Excel, some of which can be exploited simply through the file preview pane, making the mere receipt of malicious attachments dangerous. Among the most relevant fixes is CVE-2026-35421, a vulnerability in Windows GDI that allowed code execution via Enhanced Metafile (EMF) files opened with Paint, and CVE-2026-41096, which affects the Windows DNS client. In this latter case, a DNS server under an attacker's control could send a spoofed response capable of corrupting the memory of the victim system.

In addition to pure security patches, the update introduces improvements to Secure Boot management: dynamic reporting of security status has been enabled directly within the Windows Security app. Furthermore, the update packages now include more precise targeting data for devices, facilitating the automatic deployment of new Secure Boot certificates only on machines that have shown signs of stable updates.

However, Microsoft has confirmed a significant side effect. In some specific configurations, installing the recent updates might force the system to request the BitLocker recovery key upon reboot. The problem seems limited to PCs using a specific Group Policy based on the TPM PCR7 validation profile, in combination with the new UEFI CA 2023 certificate. As a temporary solution, the company suggests removing the affected policy setting and suspending/resuming BitLocker to regenerate the default PCR bindings. Lastly, there is also a minor update for Egypt's time zone, aligning with the daylight saving time changes decided by the local government.

'We should turn off half the country': Kenya halts Microsoft megadatacenter plansWindows 11: May patches are being distributed. Among the novelties, the new Xbox mode