Microsoft updates Windows 10: the KB5099539 package fixes 570 vulnerabilities
Microsoft has released KB5099539, the extended security update for Windows 10 that brings the operating system to build 19045.7548 (build 19044.7548 for Windows 10 Enterprise LTSC 2021). The package includes the fixes from July 2026's Patch Tuesday, a record month with 570 vulnerabilities resolved, including two zero-days already exploited in real attacks and one disclosed publicly before the patch.
The update specifically concerns devices enrolled in the Extended Security Updates (ESU) program or installations of Windows 10 Enterprise LTSC. It should be noted that Microsoft unexpectedly extended last month the free ESU program for consumers by an additional year, moving the security coverage deadline to October 12, 2027. Those who meet these requirements can download the package through the usual path: Settings, Windows Update, check for updates manually.
Fixes Included in the Package
With no further development of new features for Windows 10, KB5099539 focuses on bug fixes and security patches. Among the issues resolved is a defect in OLE Automation (oleaut32.dll) introduced by the June 2026 security update, which caused errors in applications invoking the IDispatch::Invoke method with shared BYREF parameters in the same memory area.
A malfunction in File Explorer has also been fixed, which would become unresponsive to the OneDrive link when the application was run with administrative privileges. An aesthetic detail of the Recycle Bin has been corrected: the confirmation window for permanently deleting a file could show the internal name of the file instead of the original.
On the input management front, Microsoft reports a change in the behavior of disabling and clearing hotkeys: in rare cases, some native Windows features may temporarily stop responding to certain keyboard shortcuts. The issue is usually resolved by restarting the involved app; otherwise, it should be reported via Feedback Hub.
For Secure Boot, the update introduces dynamic state reporting directly in the Windows Security app and expands the coverage of devices eligible to automatically receive new certificates, the release of which will continue over the coming months on supported PCs and unmanaged business devices.
The networking chapter is more delicate: KB5099539 introduces security tightening that imposes registration requirements for TDI transports. Applications relying on sockets over unregistered third-party TDI transports may stop functioning after installation, while those properly registered remain unaffected. To check if a device is involved, simply look for AFD ID 16003 events in the system log of the Event Viewer, which indicate an unregistered TDI provider detected by the system.
New features also come for Remote Desktop: support for SHA-2 certificate fingerprints for trusted RDP publishers arrives, while SHA-1 remains available only for compatibility and will be removed in the future. Microsoft advises IT administrators to migrate as soon as possible to SHA-256 or stronger algorithms, thereby avoiding disruptions when legacy support is eliminated. Additionally, Group Policy indications are introduced to manage the security of .rdp files, useful for limiting phishing risks by controlling which files users can open.
Aside from the points mentioned, Microsoft does not report any additional known issues related to this release.