Skip to main content
CybersecurityVulnerability Management

Microsoft Bolsters Windows 10 Security with KB5099539 Update

Windows 10 laptop screen on a neutral surface with a blurred office background.

Microsoft's July 2026 Patch Tuesday fixed a record-breaking 570 vulnerabilities, and the company rolled those fixes into a single extended security update for Windows 10: KB5099539.

KB5099539 and the July 2026 Patch Tuesday

KB5099539 packages the July 2026 Patch Tuesday security updates — a set that Microsoft says corrects 570 vulnerabilities, including two that were exploited and one publicly disclosed zero-day flaw. The update is part of Microsoft's extended security support pathway for Windows 10 and contains no new features, focusing instead on security updates and bug fixes.

After installation, devices will report updated build numbers: Windows 10 devices move to build 19045.7548, and Windows 10 Enterprise LTSC 2021 devices move to build 19044.7548.

How to install KB5099539

Microsoft limits this update to Windows 10 Enterprise LTSC and devices enrolled in the Windows 10 Extended Security Updates (ESU) program. The company recently extended the free Windows 10 ESU program for consumers by an additional year, allowing enrolled devices to receive security updates until October 12, 2027.

If your device is eligible, Microsoft says you can install KB5099539 by going to Settings > Windows Update and performing a manual "Check for updates."

Compatibility and bug fixes addressed in KB5099539

  • OLE Automation (oleaut32.dll): Fixes a compatibility issue introduced by the June 2026 security update that could cause applications using IDispatch::Invoke with BYREF parameters sharing the same underlying storage to fail. Microsoft says the update corrects parameter ownership management to restore expected behavior.
  • File Explorer / OneDrive: Fixes an issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run in administrative mode.
  • Recycle Bin: Addresses a problem where the permanent-delete confirmation dialog might show an internal Recycle Bin file name instead of the file's original name.
  • Input / Hotkeys: Changes hotkey unregister and cleanup behavior. In rare cases, built-in Windows experiences that rely on the previous hotkey lifecycle might temporarily stop responding to certain shortcuts; Microsoft says a restart of the affected app typically resolves the problem and that persistent issues should be reported through the Feedback Hub.

Networking and Secure Boot changes: TDI enforcement and certificate rollout

KB5099539 introduces a network security hardening that enforces Transport Driver Interface (TDI) transport registration requirements. Microsoft warns that applications using sockets over unregistered third-party TDI transports might stop working after the update; registered TDI transports are not affected.

Microsoft provides a concrete diagnostic for impacted systems: check the Windows System event logs in Event Viewer > Windows > System for an AFD Event ID 16003 with the message "An unregistered TDI provider (\Driver<Name>) was detected." Microsoft says that finding indicates the TDI transport is affected by the change.

On Secure Boot, the update enables dynamic status reporting in the Windows Security app and includes additional high-confidence device targeting data to increase coverage of devices eligible to automatically receive new Secure Boot certificates. Microsoft says certificate deployment via Windows updates will continue across supported PCs and non-managed business devices in the coming months.

Remote Desktop (RDP) security guidance

The update adds support for SHA-2 certificate thumbprints for trusted RDP publishers while retaining SHA-1 only for backward compatibility, with SHA-1 planned for future removal. Microsoft provides new Group Policy guidance to control which .rdp files users can open, intended to help organizations reduce phishing risk. The company recommends IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.

What this means for IT administrators, enterprises, and end users

  • IT administrators and security teams: Should plan to verify enrollment status for ESU where needed, test line-of-business and legacy applications for TDI transport impacts, and review Event Viewer for Event ID 16003 if users report networking or socket failures.
  • Enterprises and procurement leaders: Need to account for the extended consumer ESU window through October 12, 2027, and evaluate certificate and RDP policy changes — in particular migration plans to SHA-256 thumbprints to avoid future compatibility problems.
  • End users: Eligible Windows 10 users and those running Enterprise LTSC can install KB5099539 via Windows Update; users encountering temporary hotkey or app issues should try restarting the affected app and report unresolved problems through the Feedback Hub.

KB5099539 is an update built to close a large set of vulnerabilities and to harden several platform behaviors, but it also introduces compatibility checks administrators must run — especially where legacy TDI transports and certificate management are concerned. For eligible systems, the next steps Microsoft outlines are straightforward: confirm ESU or LTSC eligibility, install via Windows Update, and watch Event Viewer for AFD Event ID 16003 if networking problems appear.

Original story