September 9, 2025—KB5065427 (OS Build 14393.8422)
Applies To
Release Date:
9/9/2025
Version:
OS Build 14393.8422
Windows Secure Boot certificate expirationÂ
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.
Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.
Support for Windows 10 will end in October 2025
After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.
Support for Windows Server 2016 will end in January 2027
After January 12, 2027, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows Server 2016. We recommend that you upgrade to a later version of Windows Server.
Summary
This article lists the security fixes and quality improvements included in this security update.
Applies to: Windows 10 IoT Enterprise 2016 LTSB ​​​​​​​
This security update includes fixes and improvements that are a part of the following update:
The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
-
[App compatibility (known issue)]Â Fixed:Â Addresses an issue that caused non-admin users to receive unexpected User Account Control (UAC) prompts when MSI installers perform certain custom actions. These actions might include configuration or repair operations in the foreground or background, during the initial installation of an application.
This issue could prevent non-admin users from running apps that perform MSI repairs, including Office Professional Plus 2010 and multiple applications from Autodesk (including AutoCAD). This fix reduces the scope for requiring UAC prompts for MSI repairs and enables IT admins to disable UAC prompts for specific apps by adding them to an allowlist. For more information, see Unexpected UAC prompts when running MSI repair operations after installing the August 2025 Windows security update.
-
[File Server] New! This update enables auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA. This allows customers to assess their environment and identify any potential device or software incompatibility issues before deploying the hardening measures that are already supported by SMB Server. For detailed guidance, see CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability​​​​​​​.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the September 2025 Security Updates.
For more information about Windows 10, version 1607, see its update history page.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
Applies to: Hyper-V Server 2016Â
This security update includes fixes and improvements that are a part of the following update:
The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
-
[App compatibility (known issue)]Â Fixed:Â Addresses an issue that caused non-admin users to receive unexpected User Account Control (UAC) prompts when MSI installers perform certain custom actions. These actions might include configuration or repair operations in the foreground or background, during the initial installation of an application.
This issue could prevent non-admin users from running apps that perform MSI repairs, including Office Professional Plus 2010 and multiple applications from Autodesk (including AutoCAD). This fix reduces the scope for requiring UAC prompts for MSI repairs and enables IT admins to disable UAC prompts for specific apps by adding them to an allowlist. For more information, see Unexpected UAC prompts when running MSI repair operations after installing the August 2025 Windows security update.
-
[File Server] New! This update enables auditing SMB client compatibility for SMB Server signing as well as SMB Server EPA. This allows customers to assess their environment and identify any potential device or software incompatibility issues before deploying the hardening measures that are already supported by SMB Server. For detailed guidance, see CVE-2025-55234 | Windows SMB Elevation of Privilege Vulnerability​​​​​​​​​​​​​​.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the September 2025 Security Updates.
For more information about Windows 10, version 1607, see its update history page.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types.
Known issues in this update
Microsoft is not currently aware of any issues with this update.
How to get this update
Before you install this update
To install any Windows 10, version 1607 cumulative update released on or after January 14, 2025, you must first install the latest Servicing Stack Update (SSU). If your device or offline image does not have the latest SSU installed, you cannot install this update.
Caution Until you install the SSU, this update will not be offered to your device. To reduce your security risk, install the SSU as soon as possible.
-
If you use Windows Update, the latest SSU (KB5065687) will be offered to you automatically. After the latest SSU is installed, you will be able to install this update.
-
If you use Windows Update for Business, the latest SSU (KB5065687) will be offered to you automatically. After the latest SSU is installed, you will be able to install this update.
-
If you use the Update Catalog, you must download and install the latest SSU (KB5065687). After the latest SSU is installed, you will be able to install this update.
-
If you are a Windows Server Update Services (WSUS) administrator, you must approve SSU KB5065687 and this update KB5065427.
For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Install this update
To install this update, use one of the following Windows and Microsoft release channels.
|
Available |
Next Step |
|
|
This update will be downloaded and installed automatically from Windows Update and Microsoft Update. |
|
Available |
Next Step |
|
|
This update will be downloaded and installed automatically from Windows Update for Business in accordance with configured policies. |
|
Available |
Next Step |
|
|
To get the standalone package for this update, go to the Microsoft Update Catalog website. For information about how to download and install updates from the Update Catalog, see How to download updates that include drivers and hotfixes from the Windows Update Catalog. |
|
Available |
Next Step |
|
|
This update will automatically sync with Windows Server Update Services (WSUS) if you configure Products and Classifications as follows: Product: Windows 10 Classification: Security Updates |
File information
A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
