Applies To
Windows 10 Home and Pro, version 21H2 Windows 10 Enterprise and Education, version 21H2 Windows 10 IoT Enterprise, version 21H2 Windows 10 Home and Pro, version 22H2 Windows 10 Enterprise Multi-Session, version 22H2 Windows 10 Enterprise and Education, version 22H2 Windows 10 IoT Enterprise, version 22H2

Release Date:

09/09/2025

Version:

OS Builds 19044.6332 and 19045.6332

Windows Secure Boot certificate expiration 

Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.

Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.

Support for Windows 10 will end in October 2025

After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.

Learn more

Summary

This article lists the security issues and quality improvements included in this security update.

Applies to: Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021

Important: Use EKB KB5003791 to update to Windows 10, version 21H2 on supported editions.

This security update includes fixes and quality improvements that are part of the following updates:

The following is a summary of the issues that this update addresses when you install this update. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

  • [File Server] New! As part of the Windows updates released on and after September 9, 2025, this update enables support for IT administrators to deploy hardening measures for SMB. For detailed guidance, see CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability.

  • [App compatibility (known issue)] Fixed: Addresses an issue that caused non-admin users to receive unexpected User Account Control (UAC) prompts when MSI installers perform certain custom actions. These actions might include configuration or repair operations in the foreground or background, during the initial installation of an application. This issue could prevent non-admin users from running apps that perform MSI repairs, including Office Professional Plus 2010 and multiple applications from Autodesk (including AutoCAD). This fix reduces the scope for requiring UAC prompts for MSI repairs and enables IT admins to disable UAC prompts for specific apps by adding them to an allowlist. For more information, see Unexpected UAC prompts when running MSI repair operations after installing the August 2025 Windows security update.

  • [WinSock] Fixed: This known issue occurred after installing the August 2025 Windows security update (KB5063709). You might experience delays or uneven audio and video performance issues when using Network Device Interface (NDI) to stream or transfer feeds between PCs.

Known issues in this update

We are currently not aware of any issues with this update.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

For more information about security vulnerabilities, please refer to the new Security Update Guide website and the May 2025 Security Updates.

Important Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page.

Note Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.

Windows 10 servicing stack update (KB5063979) - 19044.6271 and 19045.6271

Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing updates.

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. To learn more about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.

How to get this update

Before you install this update

Based on your installation scenario, choose one of the following:

  1. For offline OS image servicing:

    If your image does not have the July 25, 2023 (KB5028244) or later LCU, you must install the special standalone October 13, 2023 SSU (KB5031539) before installing this update.

  2. For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:

    If your devices do not have the May 11, 2021 (KB5003173) or later LCU, you must install the special standalone August 10, 2021 SSU (KB5005260) before installing this update.

Install this update

To install this update, use one of the following Windows and Microsoft release channels.

Available

Next Step

Available

This update will be downloaded and installed automatically from Windows Update and Microsoft Update.

If you want to remove the LCU

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File information

A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.

Download IconDownload the file information for this cumulative update KB5065429 now.

Download IconDownload the file information for the SSU (KB5063979) - versions 19044.6271 and 19045.6271 update now.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center