Microsoft has released its monthly cumulative updates for all supported operating systems. These updates primarily address identified bugs and security vulnerabilities. However, they may also include new features or enhancements. Let's dive into details.
Note: The updates are already available through Windows Update.
Advertisеment
Windows 11
- Windows 11 (version 25H2) - KB5068861 (OS Build 26200.7171). ⬇️ Microsoft Update Catalog.
- Windows 11 (version 24H2) - KB5068861 (OS Build 26100.7171). ⬇️ Microsoft Update Catalog.
- Windows 11 (version 23H2) - KB5068865 (OS Build 22631.6199). ⬇️ Microsoft Update Catalog.
- Windows 11 (version 22H2) - KB5068865 (OS Build 22621.6199). ⬇️ Microsoft Update Catalog.
Windows 10 (ESU)
Warning! Official support for Windows 10 has been ended on October 14, 2025. Microsoft will continue to provide security updates for the operating system, but through the Extended Support Updates (ESU) program, which requires a fee or/and extra actions from the user. For more information, follow this link.
- 2022 Update (version 22H2) - KB5068781 (OS Build 19045.6575). ⬇️ Microsoft Update Catalog.
- November 2021 Update (version 21H2) - KB5068781 (OS Build 19044.6575). ⬇️ Microsoft Update Catalog.
- October 2018 Update (version 1809) - KB5068791 (OS Build 17763.8027). ⬇️ Microsoft Update Catalog.
- Anniversary Update (version 1607) - KB5068864 (OS Build 14393.8594). ⬇️ Microsoft Update Catalog.
What's new in Patch Tuesday Updates for Windows 11
December Servicing Update Schedule
Microsoft will not release a non-security preview update in December 2025 due to reduced operations during the Western holiday period and New Year’s Day. The company will publish the monthly security update as scheduled. Regular monthly servicing, including both security updates and non-security preview updates, will resume in January 2026.
Windows Secure Boot Certificate Expiration
Secure Boot certificates used by most Windows devices will begin expiring in June 2026. This expiration may prevent certain personal and business devices from booting securely if administrators do not apply updates in advance. Microsoft recommends reviewing official guidance and updating certificates proactively to avoid service disruption.
Highlights
This update resolves security issues in the Windows operating system.
Improvements
This security update incorporates fixes and quality improvements from KB5067036 (released October 28, 2025). The following summary details key issues addressed by this update, along with newly available features. The bold text within brackets identifies the affected component or area.
Gaming
- Fixed an issue affecting gaming handheld devices that prevented them from maintaining low-power states, resulting in accelerated battery drain.
- Fixed an issue on some handheld gaming devices where, after signing in using the built-in Gamepad, the controller did not respond in apps for approximately five seconds. After entering a password or PIN, the touch keyboard on the sign-in screen now hides automatically.
Storage
- Fixed an issue that could cause certain Storage Spaces to become inaccessible or lead to Storage Spaces Direct failure during storage cluster creation.
System Utilities (Known Issue)
- Fixed an issue where closing Task Manager using the Close button did not fully terminate the process, leaving background instances that could degrade performance over time. This issue could occur after installing KB5067036.
Voice Access
- Fixed an issue where Voice Access failed during initial setup if no microphone was connected and the voice model was not installed.
Window Management
- Fixed an issue where selecting the desktop unexpectedly opened Task View.
Networking
- Fixed an issue in the HTTP.sys request parser, a Windows component that reads and processes HTTP requests. The parser previously accepted a single line break within HTTP/1.1 chunk extensions, whereas RFC 9112 requires a carriage return and line feed (CRLF) sequence to terminate each chunk. This discrepancy could affect deployments that use front-end proxies.
To disable strict parsing, set the following registry key:
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Http\Parameters
Registry Value: "HttpAllowLenientChunkExtParsing"=dword:00000001
Data to Set: 1
AI Components
This release updates the following AI components:
| AI Component | Version |
|---|---|
| Image Search | 1.2510.1159.0 |
| Content Extraction | 1.2510.1159.0 |
| Semantic Analysis | 1.2510.1159.0 |
| Settings Model | 1.2510.1159.0 |
Windows Updates do not include updates for Microsoft Store apps. To ensure all apps and games are up to date, open the Microsoft Store and select “Get Updates.”
Simplified Windows Update Titles
A new standardized title format improves the clarity of Windows update listings. The updated format removes unnecessary technical details such as platform architecture while retaining essential identifiers—including date prefixes, KB numbers, and build or version information—to help users quickly recognize each update.
Changes for Windows 10
Input and Composition
Fixed: An issue with the Chinese Input Method Editor (IME)
Private Unicode characters now display correctly and comply with the GB18030 standard.
Fixed: An issue that affects USER32 Edit controls
Surrogate pairs no longer appear as empty boxes when text fields reach their maximum length.
Windows Remote Management (WinRM)
Fixed: An issue that affects PowerShell Remoting and WinRM
Commands no longer time out after 600 seconds.
Licensing
New! This update introduces a servicing stack update (SSU)
The servicing stack update incorporates an updated certificate chain to improve Azure environment validation.
Fax modem driver
This update removes the ltmdm64.sys driver
Fax modem hardware that depends on this driver will no longer function in Windows.
Cryptography
This update enforces a security hardening improvement
The system now requires the use of Key Storage Provider (KSP) instead of Cryptographic Service Provider (CSP) for RSA-based smart card certificates. Users who encounter smart card authentication issues due to this change should consult the Windows Release Health site for resolution steps. Additional details are available in in CVE-2024-30098.
File Explorer
After installing this update, File Explorer automatically disables the preview feature for files downloaded from the internet
This change enhances security by preventing a vulnerability that could occur when users preview potentially unsafe files. For details and instructions on how to unblock files, refer to the documentation titled “File Explorer automatically disables the preview feature for files downloaded from the internet.”
Windows Secure Boot certificate expiration
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026
This expiration may affect the ability of certain personal and business devices to boot securely if certificates are not updated in time. Review the provided guidance and update certificates in advance to avoid disruption.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
