June 9, 2026—KB5094127 (OS Builds 19045.7417 and 19044.7417)

Ισχύει για
Windows 10 ESU Windows 10 Enterprise LTSC 2021 Windows 10 IoT Enterprise LTSC 2021

Summary

This article lists the security issues and quality improvements included in this cumulative security update.


Applies to: Windows 10 ESU

Important

Use EKB KB5015684 to update to Windows 10, version 22H2.

This security update includes fixes and quality improvements that are part of the following updates:

The following is a summary of the issues that this update addresses when you install this update. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

  • [File Explorer] This update improves File Explorer search, including support for Chinese text, and UTF 8–encoded files without a byte order mark (BOM). Text now displays more clearly and consistently across search results, Content view, and tooltips.

  • [Secure Boot]

    • This update enables dynamic status reporting for Secure Boot states in Windows Security App.
    • This update adds a new policy setting, LimitSecureBootRequiredServiceData, under Computer Configuration > Administrative Templates > Windows Components > Secure Boot. When this setting is enabled, Windows limits the Secure Boot service data it sends by suppressing the event normally sent to Microsoft. This policy is also included in the Windows Restricted Traffic Limited Functionality Baseline package. For information about the policy, see Manage connections from Windows 10 and Windows 11 operating system components to Microsoft services.
    • With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
  • [Folder customization] This update introduces a security hardening change to how Windows processes desktop.ini files. As a result, some users might notice missing custom folder icons or localized folder names for content from downloaded or remote locations. Note that access to folders is not affected. For more information, see Custom folder icons or localized folder names might not appear after installing the June 2026 Windows security update.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

For more information about security vulnerabilities, please refer to the new Security Update Guide website and the June 2026 Security Updates.

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page.

Known issues in this update

Microsoft Office applications might fail to open from certain third-party apps

Symptoms

Microsoft has received reports of an issue in which certain third-party applications might be unable to launch Microsoft Office applications or open documents after installing the Windows updates released on or after June 9, 2026. This issue affects certain third-party applications that use OLE automation to interact with Microsoft Office applications. In some cases, the Office application or document might fail to open without displaying an error message.

Affected Microsoft Office applications might include Word, Excel, PowerPoint, Access, and other Microsoft Office applications when launched from within the affected third-party application.

Reports indicate that this issue may affect applications such as CCH Engagement, Workpaper Manager, dental software (such as Dentrix and Softdent), and Zotero; other similar applications might also be impacted.

Third-party information disclaimer

The third-party products listed are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.

Resolution

This issue is resolved in Windows updates released on and after July 14, 2026 such as KB5099539. We recommend you install the latest Windows update for your device as it contains important improvements and issue resolutions, including this one.

Deleting from Recycle Bin displays an internal file name

Symptoms

After you install Windows updates released on June 9, 2026, the confirmation dialog might display the internal Recycle Bin file name (for example, $Rxxxxx.ext) instead of the original file name when you permanently delete a single item. In Recycle Bin, the item still appears with its original name.

This issue affects only the confirmation dialog. In the Recycle Bin, the item still appears with its original file name. If you restore the item, Windows restores it using the original file name.

Resolution

This issue is resolved in Windows updates released on and after July 14, 2026 such as KB5099539. We recommend you install the latest Windows update for your device as it contains important improvements and issue resolutions, including this one.

OneDrive shortcut in File Explorer might not work in administrator mode

Symptoms

After installing this update, the OneDrive shortcut in File Explorer might not work when File Explorer is running with administrative privileges. Symptoms include an unresponsive shortcut, blank OneDrive properties, and missing sync status icons. No error message is displayed.

This issue affects only the built-in Administrator account or applications run using Run as administrator.

Resolution

This issue is resolved in Windows updates released on and after July 14, 2026 such as KB5099539. We recommend you install the latest Windows update for your device as it contains important improvements and issue resolutions, including this one.

Windows 10 servicing stack update (KB5094145) - version 19041.7402

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improves the reliability of the update process and includes fixes to the servicing stack, the component that installs Windows updates.

Note: This servicing stack update (SSU) includes enhanced logic to verify whether a device is hosted on Azure, leveraging an updated certificate chain for validation. To ensure that the device can access the required certificate update domains to successfully download and install certificate updates, see Certificate downloads and revocation lists and Azure Certificate Authority details. To learn more about SSUs, see Servicing stack updates.

How to get this update

Before you install this update

Important You must have the latest servicing stack update (SSU) installed. Not installing the latest SSU before applying Windows updates might result in the Windows update not being offered until the latest SSU is installed.

Deployment

  • If you deploy dynamic updates such as this update to an existing Windows image, ensure the boot.stl file is included as part of the installation media. Failure to include the file may prevent devices from successfully starting from the installation media and can result in error code 0xc0430001.
    Note The boot.stl file is used during Secure Boot validation and must match the Windows version and architecture of the image you are updating.
    To ensure the boot.stl file is included as part of the installation media, do one of the following:

    • Use the Update WinPE script to update an existing Windows image. (Recommended)
    • Manually copy the boot.stl file from the devices Windows\Boot\EFI folder to the corresponding folder on your installation media before deploying the update.
  • If you deploy this update, choose one of the following based on your installation scenario:
    For offline OS image servicing

    • If your image does not have the July 25, 2023 (KB5028244) or later LCU, you must install the special standalone October 13, 2023 SSU (KB5031539) before installing this update.

    For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog

    • If your devices do not have the May 11, 2021 (KB5003173) or later LCU, you must install the special standalone August 10, 2021, SSU (KB5005260) before installing this update.

For information about how to apply Dynamic Update packages to existing Windows images, see Update Windows installation media with Dynamic Update.

Get and install this update

To get and install this update, use one of the following Windows and Microsoft release channels.


Available Next Step
Available This update will be downloaded and installed automatically from Windows Update.

File information

A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.

Note: The English (United States) version of this software update might contain files for additional languages.

Download Icon Download the file information for this cumulative update KB5094127.

Download Icon Download the file information for the SSU (KB5094145) - version 19041.7402 update.

Secure Boot

Note

  • Windows Secure Boot certificate expiration
  • Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the past months. Devices that haven’t received the newer certificates will continue to start and operate normally, and standard Windows updates will continue to install. We will continue to install the newer certificates via Windows updates in the coming months.
  • You can check your PC status on the Windows Security app. If you are an IT administrator, follow the guidance on the Secure Boot Playbook for Windows clients and Windows Server.

Microsoft Store application updates

Note

Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.

End of support

Note

Change log

Change date Change description
July 14, 2026 Known issue resolutions added:

  • "Microsoft Office applications might fail to open from certain third-party apps"
  • "Deleting from recycle bin displays an internal file name"
  • "OneDrive shortcut in file explorer might not work in administrator mode."
The known issue “Devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key” is addressed in this update. For more information about how the issue is addressed, see the April 2026 update KB5082200 or the May 2026 update KB5087544.
June 23, 2026 Known issue added: "OneDrive shortcut in File Explorer might not work in administrator mode".
June 18, 2026
  • Corrected the CSV file for update KB5094127 (this update) to the correct build 7417. The CSV file previously indicated an incorrect build of 7418.
  • Known issue added: "Deleting from Recycle Bin displays an internal file name".
June 16, 2026 Known issue added: "Microsoft Office applications might fail to open from certain third-party apps".
June 10, 2026 Added the "Folder customization" security hardening change to how Windows processes desktop.ini files.