April 14, 2026—KB5082200 (OS Builds 19045.7184 and 19044.7184)
Applies To
Release Date:
4/14/2026
Version:
OS Builds 19045.7184 and 19044.7184
Windows Secure Boot certificate expiration
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance.
For details and preparation steps for Windows devices, see Windows Secure Boot certificate expiration and CA updates.
For details and preparation steps for Windows servers, see the following resources:
Summary
This article lists the security issues and quality improvements included in this security update.
Applies to: Windows 10 ESU
Important: Use EKB KB5015684 to update to Windows 10, version 22H2.
This security update includes fixes and quality improvements that are part of the following updates:
The following is a summary of the issues that this update addresses when you install this update. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.
-
[Sign-In] Fixed: After you install the Windows update released on or after March 10, 2026, some users might experience an issue signing in to apps with a Microsoft account. Even when the device has a working Internet connection, a “no Internet” error appears during sign in and prevents access to Microsoft services and apps such as Microsoft Teams.
-
[Remote Desktop] This update improves protection against phishing attacks that use Remote Desktop (.rdp) files. When you open an .rdp file, Remote Desktop shows all requested connection settings before it connects, with each setting turned off by default. A one-time security warning also appears the first time you open an .rdp file on a device. For more information, see Understanding security warnings when opening Remote Desktop (RDP) files.
-
[Secure Boot]
-
This update enables dynamic status reporting for Secure Boot states in the Windows Security App (Settings > Update & Security > Windows Security). Learn more about the status alerts via badges and notifications. Note that these enhancements are disabled by default on commercial devices and servers.
-
This update fixes an issue that could cause a device to enter BitLocker Recovery after Secure Boot updates.
-
With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
-
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the April 2026 Security Updates.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page.
Note Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.
Known issues in this update
We are currently not aware of any issues with this update
Applies to: Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021
Important: Use EKB KB5003791 to update to Windows 10, version 21H2 on supported editions.
This security update includes fixes and quality improvements that are part of the following updates:
The following is a summary of the issues that this update addresses when you install this update. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.
-
[Sign-In] Fixed: After you install the Windows update released on or after March 10, 2026, some users might experience an issue signing in to apps with a Microsoft account. Even when the device has a working Internet connection, a “no Internet” error appears during sign in and prevents access to Microsoft services and apps such as Microsoft Teams.
-
[Licensing] Improved: This update addresses an issue that affects Long-Term Servicing Channel (LTSC) image creation using Deployment Image Servicing and Management (DISM). DISM offline operations on the below editions could not apply security updates because of limits in licensing enforcement. Now, you can use DISM to add security packages during offline image creation for LTSC.
-
Windows 10 IoT Enterprise LTSC 2021
-
Windows 10 Enterprise G SKU
-
Windows 10 Enterprise N LTSC
-
-
[Remote Desktop] This update improves protection against phishing attacks that use Remote Desktop (.rdp) files. When you open an .rdp file, Remote Desktop shows all requested connection settings before it connects, with each setting turned off by default. A one-time security warning also appears the first time you open an .rdp file on a device. For more information, see Understanding security warnings when opening Remote Desktop (RDP) files.
-
[Secure Boot]
-
This update enables dynamic status reporting for Secure Boot states in the Windows Security App (Settings > Update & Security > Windows Security). Learn more about the status alerts via badges and notifications. Note that these enhancements are disabled by default on commercial devices and servers.
-
This update fixes an issue that could cause a device to enter BitLocker Recovery after Secure Boot updates.
-
With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
-
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the April 2026 Security Updates.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 22H2, see its update history page.
Note Follow @WindowsUpdate to find out when new content is published to the Windows release health dashboard.
Known issues in this update
We are currently not aware of any issues with this update.
Windows 10 servicing stack update (KB5084130) - version 19041.7183
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improves the reliability of the update process and includes fixes to the servicing stack, the component that installs Windows updates.
Note: This servicing stack update (SSU) includes enhanced logic to verify whether a device is hosted on Azure, leveraging an updated certificate chain for validation. To ensure that the device can access the required certificate update domains to successfully download and install certificate updates, see Certificate downloads and revocation lists and Azure Certificate Authority details. To learn more about SSUs, see Servicing stack updates.
How to get this update
Before you install this update
Important You must have the latest Windows 10 servicing stack update (SSU) installed. Not installing the latest SSU before applying Windows updates might result in the Windows update not being offered until the latest SSU is installed.
Based on your installation scenario, choose one of the following:
-
For offline OS image servicing:
If your image does not have the July 25, 2023 (KB5028244) or later LCU, you must install the special standalone October 13, 2023 SSU (KB5031539) before installing this update.
-
For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:
If your devices do not have the May 11, 2021 (KB5003173) or later LCU, you must install the special standalone August 10, 2021 SSU (KB5005260) before installing this update.
Install this update
To install this update, use one of the following Windows and Microsoft release channels.
|
Available |
Next Step |
|
|
This update will be downloaded and installed automatically from Windows Update. |
|
Available |
Next Step |
|
|
This update will be downloaded and installed automatically from Windows Update for Business in accordance with configured policies. |
|
Available |
Next Step |
|
|
To get the standalone package for this update, go to the Microsoft Update Catalog website. For information about how to download and install updates from the Update Catalog, see How to download updates that include drivers and hotfixes from the Windows Update Catalog. |
|
Available |
Next Step |
|
|
This update will automatically sync with Windows Server Update Services (WSUS) if you configure Products and Classifications as follows:
To set up your WSUS server to sync based on products and classifications, see Synchronizing Update by Product and Classification. To manually import updates into WSUS, see Import updates into WSUS by using PowerShell. |
File information
A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.
Note: The English (United States) version of this software update might contain files for additional languages.
Related information
If you want to remove this update
CAUTION Before you decide to remove this update, please see Understanding the risks: Why you should not uninstall security updates.
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
Notice for Microsoft Store application updates
Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.
End of support information
Windows 10, versions 21H2/22H2 and Windows 10 Enterprise LTSC 2021 end of support
Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes on the following end dates:
♦ Windows 10, version 21H2: Support ended on June 13, 2023
♦ Windows 10, version 22H2: Support ended on October 14, 2025
♦ Windows 10 Enterprise LTSC 2021: January 12, 2027
♦ Windows 10 IoT Enterprise LTSC 2021: January 13, 2032
Note: To continue to receive critical and important security updates for Windows 10, see Windows 10 Extended Security Updates (ESU). Otherwise, we recommend you upgrade to a later version of Windows.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
