May 13, 2025—KB5058379 (OS Builds 19044.5854 and 19045.5854) - EXPIRED
Applies To
Release Date:
13/05/2025
Version:
OS Builds 19044.5854 and 19045.5854
|
EXPIRATION NOTICE IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. |
Support for Windows 10 has ended on October 14, 2025
After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page.
Note Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.
Important Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.
Summary
This article lists the security issues and quality improvements included in this security update. The bold text within the brackets indicates the item or area of the change we are documenting.
Improvements
Applies to: Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021
Important: Use EKB KB5003791 to update to Windows 10, version 21H2 on supported editions.
This security update includes quality improvements that were a part of update KB5055612 (released April 22, 2025). Below is a summary of the key issues that this update addresses when you install this KB. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.
-
[Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies improvements to SBAT for the detection of Linux systems.
Important: Use EKB KB5015684 to update to Windows 10, version 22H2.
This security update includes quality improvements. Key changes include:
-
This build includes all the improvements from the supported Windows 10, version 21H2 editions.
-
No additional issues are documented for this release.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the May 2025 Security Updates.
Windows 10 servicing stack update (KB5058526) - 19044.5853 and 19045.5853
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing updates.
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. To learn more about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Known issues in this update
Symptoms
Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device. This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue.
Workaround
The issue has been resolved in Citrix Session Recording Agent version 2503, released on April 28, 2025, and newer versions.
For details, see the documentation provided by Citrix at "Microsoft's January Security Update Fails/Reverts on a machine with 2411 Session Recording Agent".
Symptoms
There are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. The March 2025 Preview Update introduced Noto fonts in collaboration with Google, for CJK languages as fallbacks to improve text rendering when websites or apps don’t specify appropriate fonts. The issue is due to limited pixel density at 96 DPI, which can reduce the clarity and alignment of CJK characters. Increasing the display scaling improves clarity by enhancing text rendering.
Workaround
Microsoft has shared its findings on the blurry text issue at 96 DPI, along with potential solutions with Google for further discussion. For additional support, users can report issues related to Noto CJK fonts through the official Google Noto Fonts GitHub repository.
Symptoms
We are aware of a known issue on devices with Intel Trusted Execution Technology (TXT) enabled on 10th generation or later Intel vPro processors. On these systems, installing the May 13, 2025, Windows security update (KB5058379) might cause lsass.exe to terminate unexpectedly, triggering an Automatic Repair. On devices with BitLocker enabled, BitLocker requires the input of your BitLocker recovery key to initiate the Automatic Repair.
Affected devices then enter one of two states:
-
Some devices might make several attempts to install update KB5058379 before Startup Repair successfully rolls back to the previously installed update.
-
Startup Repair might experience a failure that creates a reboot loop, which again initiates an Automatic Repair, returning the device to the BitLocker recovery screen.
Consumer devices typically do not use Intel vPro processors and are less likely to be impacted by this issue.
Resolution
This issue was resolved by Windows updates released May 19, 2025 (KB5061768), and later. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.
How to get this update
EXPIRATION NOTICE
IMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
