April 14, 2026—KB5082123 (OS Build 17763.8644)

Ισχύει για
Windows Server 2019 Win 10 Ent LTSC 2019

Note

  • Windows Secure Boot certificate expiration
  • Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the past months. Devices that haven’t received the newer certificates will continue to start and operate normally, and standard Windows updates will continue to install. We will continue to install the newer certificates via Windows updates in the coming months.
  • You can check your PC status on the Windows Security app. If you are an IT administrator, follow the guidance on the Secure Boot Playbook for Windows clients and Windows Server.

Summary

This article lists the security issues and quality improvements included in this security update.


Applies to: Windows Server 2019

This security update includes fixes and quality improvements that are part of the following update:

The following is a summary of the issues that this update addresses when you install this update. The bold text within the brackets indicates the item or area of the change we are documenting.

  • [PowerShell (known issue)] Fixed: After installing Windows updates released on or after January 13, 2026, Japanese language installations of Windows Server 2019 might not correctly display Japanese characters in the PowerShell console.

  • [Remote Desktop] This update improves protection against phishing attacks that use Remote Desktop (.rdp) files. When you open an .rdp file, Remote Desktop shows all requested connection settings before it connects, with each setting turned off by default. A one-time security warning also appears the first time you open an .rdp file on a device. For more information, see Understanding security warnings when opening Remote Desktop (RDP) files.

  • [Vulnerable driver blocklist] This update introduces a security hardening change that adds known vulnerable kernel drivers to the Microsoft vulnerable driver blocklist. Backup applications that rely on blocked drivers might experience failures when attempting to mount or manage disk images.
    These apps relying on blocked drivers might display error messages, including "The backup has failed because Microsoft VSS has timed out during the snapshot creation" or VSS_E_BAD_STATE. Affected users should update to a newer version of their application that uses newer drivers that include the required protections. For more information, see April 2026 Windows security updates introduce protections to known vulnerable kernel drivers.

  • [Windows Deployment Services (WDS)] This update disables the “Hands-Free Deployment” feature in WDS by default and is no longer a supported feature. For more information about this change, see Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance related to CVE-2026-0386.

  • [Kerberos protocol] This update changes the default DefaultDomainSupportedEncTypes value for Kerberos Key Distribution Center (KDC) operations to leverage AES-SHA1 for accounts that do not have an explicit msds-SupportedEncryptionTypes Active Directory attribute defined. For more information see, How to manage Kerberos KDC usage of RC4 for service account ticket issuance changes related to CVE-2026-20833.

  • [Secure Boot]

    • This update enables dynamic status reporting for Secure Boot states in the Windows Security App (Settings > Update & Security > Windows Security). Learn more about the status alerts via badges and notifications. Note that these enhancements are disabled by default on commercial devices and servers.
    • This update fixes an issue that could cause a device to enter BitLocker Recovery after Secure Boot updates.
    • With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

For more information about security vulnerabilities, please refer to the new Security Update Guide website and the April 2026 Security Updates.

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page.

Known issues in this update

  • Domain controllers might restart repeatedly after installing this update

    Symptoms

    After installing this update, domain controllers in environments with multiple domains in the forest that use Privileged Access Management (PAM), might experience LSASS crashes during startup. As a result, affected domain controllers might restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable.

    Resolution

    This issue is addressed in out-of-band update KB5091573.

  • Remote Desktop security warnings might not display correctly

    Symptoms
    After installing this update, the security warning that appears when opening Remote Desktop (RDP) files might not display correctly in some cases.
    This issue might occur when you use more than one monitor with different display scaling settings (for example, one display set to 100% and another set to 125%). When this happens, the warning window might show overlapping text or partially hidden buttons, which can make the message difficult to read or interact with.
    Resolution

    This issue is resolved in Windows updates released on and after May 12, 2026 (such as KB5087538). We recommend you install the latest Windows update for your device as it contains important improvements and issue resolutions, including this one.

Windows 10 servicing stack update (KB5082118) - version 17763.8642

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improves the reliability of the update process and includes fixes to the servicing stack, the component that installs Windows updates.

Note: This servicing stack update (SSU) includes enhanced logic to verify whether a device is hosted on Azure, leveraging an updated certificate chain for validation. To ensure that the device can access the required certificate update domains to successfully download and install certificate updates, see Certificate downloads and revocation lists and Azure Certificate Authority details. To learn more about SSUs, see Servicing stack updates.

How to get this update

Before you install this update

You must have installed the August 10, 2021 SSU (KB5005112) before installing this cumulative update.

Install this update

To install this update, use one of the following Microsoft release channels.


Available Next Step
Available This update will be downloaded and installed automatically from Windows Update.

File information

A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.

Note: The English (United States) version of this software update might contain files for additional languages.

Download Icon Download the file information for cumulative update KB5082123.

Download Icon Download the file information for Windows 10 servicing stack update (KB5082118) - version 17763.8642.

If you want to remove this update

Note

Notice for Microsoft Store application updates

Note

Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.

End of support information

Note

Change log

Change date Change description
May 12, 2026
  • Added the resolution to known issue "Remote Desktop security warnings might not display correctly"
May 1, 2026
  • Improvement added: [Vulnerable driver blocklist]
April 23, 2026
  • Added the known issue "Remote Desktop security warnings might not display correctly".
April 19, 2026
  • Added the resolution for known issue "Domain controllers might restart repeatedly after installing this update".
April 17, 2025
  • Known issue, "Domain controllers might restart repeatedly after installing this update", was updated for clarification.
April 16, 2026
  • Known issue added for Windows Server 2019: "Domain controllers might restart repeatedly after installing this update"