CryptoLocker. WannaCry. DarkSide. Conti. MedusaLocker. Qilin. The ransomware threat has exploded over the past decade, and it isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world.

Ransomware gained in popularity in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demanding that you pay a ransom, frequently in Bitcoin or other cryptocurrency, to decrypt them. Now many ransomware gangs are switching tactics, stealthily infiltrating enterprise systems, collecting sensitive corporate data over time, and later threatening to expose that data if the organization doesn’t pay up.

Nevertheless, individuals and businesses are still at risk from traditional ransomware attacks. In this article, I’ll show you how to keep yourself safe in Windows 11 — and Windows 10 too, for those who haven’t yet moved to Windows 11 — including how to use an anti-ransomware tool built into both versions of Windows.

(Administrators, see “What IT needs to know about ransomware and Windows” at the end of this article.)

This article assumes that you’re already taking the basic precautions against malware in general, including running anti-malware software and never downloading attachments or clicking links in email from unknown senders and suspicious-looking email. Also note that this article has been updated for Windows 11 25H2 and Windows 10 22H2. If you have an earlier Windows release, some things may be different.

Use controlled folder access

Microsoft is concerned enough about ransomware that it built an easy-to-configure anti-ransomware tool directly into Windows 10 and 11. Called controlled folder access, it protects you by letting only safe and fully vetted applications access your files. Unknown applications or known malware threats aren’t allowed through.

By default, the feature is not turned on, so if you want to protect yourself against ransomware, you’ll have to tell it to get to work. And you can customize exactly how it works by adding new applications to its whitelist of programs that can access files, and adding new folders in addition to the ones that it protects by default.

To switch it on, you’ll need to access Windows Security. To get to it in Windows 11, click Start > Settings to open the Settings app, then select Privacy & Security > Windows Security.  

In Windows 10, click Start > Settings to open the Settings app, then select Update & Security > Windows Security.

In Windows Security, select Virus & threat protection. On the screen that appears, scroll down to the “Ransomware protection” section and click Manage ransomware protection. On the next screen, under “Controlled folder access,” toggle the switch to On. You’ll get a prompt asking if you want to make the change. Click Yes.

You shouldn’t leave it at that and feel safe yet, because there’s a chance that you have folders you’d like to protect that the feature ignores. By default, it protects Windows system folders (and folders underneath them) like C:\Users\UserName\Documents, where UserName is your Windows user name. In addition to Documents, Windows system folders include Desktop, Music, Pictures, and Videos.

But all your other folders are fair game for any ransomware that makes its way onto your PC.

To add folders you want protected, click the Protected folders link that appears after you switch on controlled folder access. A prompt appears asking if you want to make the change. Click Yes. Click the Add a protected folder button that is on top of the list of protected folders that appears, then navigate from the screen that appears to the folder you want to protect and click Select Folder.

Continue to add folders in this way. Remember that when you add a folder, all folders underneath it are protected as well.

If you decide at any point to remove a folder, get back to the “Protected folders” screen, click the folder you want to remove, and then click Remove. Note that you won’t be able to remove any of the Windows system folders that are protected when you turn the feature on. You can only remove the ones that you’ve added.

Microsoft determines which applications should be allowed access to protected folders, and unsurprisingly, among them are its own Microsoft Office apps. Microsoft hasn’t published a list of which apps are allowed, though, so consider taking action to let apps you trust access your files.

To do it, go back to the screen where you turned on controlled folder access and click Allow an app through Controlled folder access. A prompt appears asking if you want to make the change. Click Yes. From the screen that appears, click Add an allowed app, navigate to the executable file of the program you want to add, click Open, and then confirm you want to add the file. As with adding folders to the list of protected folders, you can remove the app by getting back to this screen, clicking the application you want to remove, then clicking Remove.

Hint: If you’re not sure where executable files are located for programs you want to add to the allow list, look for the folder name with the program’s name in the “WindowsProgram Files” or “WindowsProgram Files (x86)” folders, then look for an executable file in that folder.

Note: In Windows 11, OneDrive folders are automatically protected by controlled folder access when you turn it on. However, they may not necessarily be protected in Windows 10. In Windows 10, on the “Ransomware protection” page, you’ll be notified in the Ransomware data recovery section whether your OneDrive files are protected. If they’re not protected, click the Set up OneDrive button there.

Back up… but do it properly

The whole point of ransomware is to hold your files hostage until you pay to unlock them. So one of the best protections from ransomware is to back up your files. That way, there’s no need to pay the ransom, because you can easily restore your files from the backup.

It’s a good idea to not just back up to a local drive but additionally use a reputable cloud-based storage and backup service. If you back up to a drive attached to your PC, when your PC gets infected with ransomware, the backup drive will likely be encrypted along with any other disks inside or attached to your PC. Cloud backups are generally less vulnerable but not wholly immune to ransomware attacks.

Make sure that your backup service uses versioning — that is, it keeps not just the current version of each of your files, but previous ones as well. That way, if the most current version of your files gets infected, you can restore from previous versions. Most popular backup and storage services, including Microsoft OneDrive, Google Drive, Carbonite, Dropbox, and many others, use versioning. It’s a good idea to get familiar with the versioning feature of whichever service you use now, so you can easily restore files in a pinch.

Some services, including OneDrive and Google Drive, now offer ransomware detection. Users are notified of suspicious activity and can use the vendors’ tools to remove infected files and restore older versions.

Stay patched

Microsoft regularly releases Windows 10 and Windows 11 security patches, and they’re automatically applied via Windows Update. But if you hear about a ransomware outbreak, you shouldn’t wait for Windows Update to work — you should immediately get the update yourself so that you’re protected as soon as possible. And it’s not just Windows updates you want to get. You also want to make sure Windows Security, Microsoft’s built-in anti-malware tool, has the latest anti-malware definitions.

To do both in Windows 10, go to Settings > Update & Security > Windows Update and click the Check for updates button. In Windows 11, go to Settings > Windows Update and click the Check for updates button. (If updates are already waiting for you, you’ll see them listed instead of the Check for updates button.) If Windows finds updates, it installs them. If it requires a reboot, it will tell you.

You need to worry not just about Windows staying patched, but other software as well. If you use an anti-malware program other than Windows Security, make sure it and its malware definitions are up to date.

And the other software on your PC should be kept up to date as well. So check how each piece of software gets updated and make sure to update each one regularly. For help keeping all your apps up to date, consider setting up an automated tool like Patch My PC Updater or Software Update Monitor (see our tutorial “How to keep your apps up to date in Windows 10 and 11”) — or, if you’re comfortable using the command line, try the WinGet command (see “WinGet: The best way to keep Windows apps updated”).

Disable macros in Microsoft Office

Ransomware can be spread via macros in Office files, so to be safe you should turn them off. Microsoft now disables macros from the internet by default, but that doesn’t necessarily mean that they’re turned off in your version of Office, depending on when you installed it and whether you’ve updated it.

To turn them off, when you’re in an Office application, select File > Options > Trust Center > Trust Center Settings and select either Disable all macros with notification or Disable all macros without notification. If you disable them with notification, when you open the file you’ll get a message warning that the macros were disabled and letting you turn them on. Only turn them on if you’re absolutely sure they’re from a safe, trusted source.

Get ransomware protection and/or mitigation tools

Just about any anti-malware program includes built-in anti-ransomware protections, but there are several programs that promise to specifically target ransomware. Most are paid, but there are also some free options.

Bitdefender offers free decryption tools that can unlock your data if you’ve been attacked by ransomware and it’s being held ransom. They can only decrypt data that’s been encrypted with certain specific pieces or families of ransomware, including REvil/Sodinokibi, DarkSide, MaMoCrypt, WannaRen, and several others. Avast offers its own set of free decryption tools.

What IT needs to know about ransomware and Windows

Many Microsoft 365 and Windows commercial plans, especially at the enterprise level, include ransomware detection and protection tools. Advanced products such as Microsoft Defender XDR are also available under separate licenses.

Even without those tools, there’s plenty that admins can do to protect Windows systems from ransomware. The most obvious: Apply the latest security patches to not just all PCs in an organization, but all servers and any other enterprise-level hardware. Also lock down application permissions, train users to spot phishing attempts, and, of course, securely back up all corporate data.

IT also needs to make sure the notoriously insecure SMB1 Windows networking protocol is disabled in all devices. Multiple ransomware attacks have spread through the 30-year-old protocol; even Microsoft says it should be used by no one, ever.

The good news is that Windows 10 version 1709, released in October 2017, finally did away with SMB1. (It’s not in Windows 11, either.) But that’s only for PCs with clean installs of version 1709 or later. Older PCs that were updated from earlier versions of Windows still have the protocol built in.

The Microsoft support article “Detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows” offers details about how to turn off the protocol. It recommends killing SMB1 but keeping SMB2 and SMB3 active, and only deactivating them for temporary troubleshooting.

Administrators can use the controlled folder access feature (covered earlier in this article) to stop ransomware from encrypting files and folders of PCs running Windows 11 or Windows 10 version 1709 or later. They can use the Group Policy Management Console, the Windows Security Center, or PowerShell to turn on controlled folder access for users on a network, customize which folders should be protected, and let additional applications access the folders beyond the Microsoft defaults, as detailed  in the Microsoft articles “Enable controlled folder access” and “Customize controlled folder access.”

One potential issue with controlled folder access is that it might block apps that users typically use from accessing folders. So Microsoft recommends using audit mode first, to see what will happen when controlled folder access is turned on. For information about how to do it, go to Microsoft’s “Evaluate exploit protection” documentation.

As noted above, Office macros can spread ransomware. Microsoft is now blocking macros downloaded from the internet by default, but to be safe, IT should use Group Policy to block them. For advice on how to do it, go to the “Block macros from running in Office files from the Internet” section on Microsoft’s “Macros from the internet will be blocked by default in Office” documentation.

This article was originally published in January 2018 and most recently updated in May 2026.

A Windows launch isn’t the end a process — it’s really just the beginning. Microsoft continually works on improving Windows 11 by fixing bugs, releasing security patches, and occasionally adding new features.

In this story we summarize what you need to know about each update released to the public for the most recent version of Windows 11 — currently version 25H2 — over the past year. For each build, we’ve included the date of its release and a link to Microsoft’s announcement about it. The most recent updates appear first.

The easiest way to install updates is via Windows Update. Not sure how? See “How to handle Windows 10 and 11 updates” for full instructions. Note that Windows 11 version 25H2 is being released as a phased rollout and may not be available to you in Windows Update yet.

If you’re still using Windows 10, see “Windows 10: A guide to the updates.” And if you’re looking for information about Insider Program previews for upcoming feature releases of Windows 11, see “Windows 11 Insider Previews: What’s in the latest build?”

Updates for Windows 11 25H2 and 24H2

KB5089573 (OS Builds 26200.8524 and 26100.8524) Preview

Release date: May 26, 2026

With this update, Windows quality updates include additional high-confidence device targeting data, making more devices eligible to receive new Secure Boot certificates. The old certificates expire at the end of June: see Computerworld’s FAQ for details. The build also adds Group Policy and MDM settings that IT admins can enable to limit the Secure Boot service data sent to Microsoft. (See Microsoft documentation.)

This update also includes a wide variety of new features being rolled out gradually, including Shared Audio, which enables two Bluetooth audio devices to connect to a single Windows 11 PC at the same time; Multi-App Camera, which allows multiple applications to access the camera stream simultaneously; improved visibility into NPU usage in Task Manager; and several performance and behavior improvements for Windows Hello.

There is one known issue in the update, in which after you install update KB5089549, some devices might fail to complete installation with error code 0x800f0922. This issue occurs on devices that have limited free space on the EFI System Partition (ESP), especially if it has 10MB or less available.

(Get more info about KB5089573 Preview, including workarounds for the issue described above.)

KB5089549 (OS Builds 26200.8457 and 26100.8457)

Release date: May 12, 2026

This build enables dynamic status reporting for Secure Boot states in the Windows Security app. It also fixes a bug in which the Remote Desktop Connection security warning dialog sometimes rendered incorrectly in multi-monitor configurations with different display scaling settings.

It also includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and May 2026 Security Updates.

The build has one known issue: devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5089549.)

KB5083631 (OS Builds 26200.8328 and 26100.8328) Preview

Release date: April 30, 2026

This update includes a large number of new features being rolled out gradually, including File Explorer’s ability to handle new archive formats including uu, cpio, xar, and NuGet Packages (nupkg). Windows also gets a new way to monitor agents from the taskbar. It supports agents across first- and third-party apps, with Researcher in the Microsoft 365 Copilot app as the first adopter. 

Also being rolled out gradually is a security improvement that changes how the Windows kernel trusts third‑party drivers. Default trust for cross‑signed drivers is removed, while drivers from the Windows Hardware Compatibility Program (WHCP) and an allow list of trusted legacy drivers remain allowed. 

The update also includes several changes available immediately, including one that increases coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout. For more information, see Windows Secure Boot certificate expiration and CA updates.

A bug in the Remote Desktop Connection security warning dialog is being fixed immediately. Previously, the dialog could have rendered incorrectly in a multi-monitor scenario when the monitors had different scaling settings.

(Get more info about KB5083631 Preview.)

KB5083769 (OS Builds 26200.8246 and 26100.8246)

Release date: April 14, 2026

This update fixes several bugs, including one that caused device reset to fail when using the “Keep my files” or “Remove everything” options. It also improves protection against phishing attacks that use Remote Desktop (.rdp) files. For more information, see Understanding security warnings when opening Remote Desktop (RDP) files.

It also enables dynamic status reporting for Secure Boot states in Settings > Update & Security > Windows Security, with a green, yellow, or red badge indicating your current Secure Boot status. See Secure Boot certificate update status in the Windows Security app for more information.

The build also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and April 2026 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Update, April 15: Microsoft has confirmed an issue with this release: “Devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key.” See Microsoft’s KB5083769 information page for details and workarounds.

(Get more info about KB5083769.)

KB5086672 (OS Builds 26200.8117 and 26100.8117) Out-of-band

Release date: March 31, 2026

This update fixes a bug in which some devices running Windows 11 version 25H2 or 24H2 encountered the following error while installing the Windows preview update KB5079391 (listed below): “Some update files are missing or have problems. We’ll try to download the update again later. Error code: (0x80073712).”

(Get more info about Windows 11 KB5086672 Out-of-band.)

KB5079391 (OS Builds 26200.8116 and 26100.8116) Preview

Release date: March 26, 2026

This update includes a variety of new features being rolled out gradually, including one that allows you to turn Smart App Control (SAC) on or off without needing a clean install. To make changes, go to Settings > Windows Security > App & Browser Control > Smart App Control settings. When turned on, SAC helps block untrusted or potentially harmful apps. To learn more, see App & Browser Control in the Windows Security App.

The build also includes several improvements and bug fixes, including one that improves Application ID tagging in Application Control for Business policies. With this update, the system identifies which apps should receive tags more accurately and behaves more reliably, Microsoft says.

(Get more info about Windows 11 KB5079391 Preview.)

KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band

Release date: March 21, 2026

This update fixes a bug some users experienced when signing in to apps with a Microsoft account. Even when the device had a working internet connection, a “no Internet” error appeared during sign-in and prevented access to Microsoft services and apps such as Microsoft Teams Free and OneDrive.

(Get more info about KB5085516 Out-of-band.)

KB5079473 (OS Builds 26200.8037 and 26100.8037)

Release date: March 10, 2026

This build improves how Windows Defender Application Control (WDAC) handles COM objects allowlisting policies. COM objects were blocked when the endpoint security policy was set higher than the allowlisting policy. With this update, COM objects are allowed as expected.​ The build also introduces additional high confidence device targeting data to Windows quality updates, increasing coverage of devices eligible to automatically receive new Secure Boot certificates.

It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and March 2026 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5079473.)

KB5077241 (OS Builds 26200.7922 and 26100.7922) Preview

Release date: February 24, 2026

This update includes a variety of new features being rolled out gradually, including one in which Quick Machine Recovery (QMR) turns on automatically for Windows Professional devices that are not domain‑joined and not enrolled in enterprise endpoint management. For domain‑joined or enterprise managed devices, QMR stays off unless it is enabled by the organization.

It also includes several features available immediately, including one in which Windows quality updates include additional high-confidence device-targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.

(Get more info about KB5077241 Preview.)

KB5077181 (OS Builds 26200.7840 and 26100.7840)

Release date: February 10, 2025

This Patch Tuesday build fixes several bugs, including one that prevented some devices from connecting to certain WPA3‑Personal Wi‑Fi networks. It also includes a broad set of targeting data that identifies devices and their ability to receive new Secure Boot certificates. Devices will receive the new certificates only after they show sufficient successful update signals, which helps ensure a safe and phased rollout.

It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and February 2026 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5077181.)

KB5074105 (OS Builds 26200.7705 and 26100.7705) Preview

Release date: January 29, 2025

In this build, several new features are immediately available, including one for Data Protection Application Programming Interface (DPAPI) domain backup key management. Administrators can now set how often keys rotate automatically. This strengthens cryptographic security and reduces reliance on older encryption algorithms.

One new feature is being gradually rolled out: The Settings Agent now supports more languages, with expanded support for German, Portuguese, Spanish, Korean, Japanese, Hindi, Italian, and Chinese (Simplified).

A variety of bugs have been fixed, including one that caused some systems to stop responding during startup when Windows Boot Manager debugging was enabled.

Get more info about KB5074105 Preview.)

KB5078127 (OS Builds 26200.7628 and 26100.7628) Out-of-band

Release date: January 24, 2026

This update fixes a bug in which some applications were unresponsive or encountered unexpected errors when opening files from or saving files to cloud-based storage, such as OneDrive or Dropbox. In certain Outlook configurations that store PST files on OneDrive, Outlook sometimes hung and failed to reopen unless the process was terminated or the system was restarted. Users may have also experienced missing sent items or previously downloaded emails.

(Get more info about KB5078127 Out-of-band.)

KB5077744 (OS Builds 26200.7627 and 26100.7627) Out-of-band

Release date: January 17, 2026

This update fixes a bug in which some users experienced sign-in failures during Remote Desktop connections. This issue affected authentication steps for different Remote Desktop applications on Windows such as the Windows App.

There is one known issue in this build, in which the password icon might be missing or invisible in the lock screen sign-in options.

Get more info about KB5077744 Out-of-band.)

KB5074109 (OS Builds 26200.7623 and 26100.7623)

Release date: January 13, 2026

This build fixes several bugs, including one in which you might experience RemoteApp ​​​​​​​connection failures in Azure Virtual Desktop (AVD) environments. This might occur after installing KB5070311. It also updates the Windows core component, WinSqlite3.dll. Previously, some security software might have detected this component as vulnerable. 

It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and January 2026 Security Updates.

It has one known issue, in which you might notice that the password icon is not visible in the sign-in options on the lock screen. If you hover over the space where the icon should appear, you’ll see that the password button is still available. Select this placeholder to open the password text box and enter your password. After entering your password, you can sign in normally. People using Windows Home or Pro editions on personal devices are very unlikely to experience this issue. This issue primarily affects enterprise or managed IT environments.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5074109.)

KB5072033 (OS Builds 26200.7462 and 26100.7462)

Release date: December 9, 2025

This build fixes several bugs, including one in which File Explorer briefly flashed white when you navigated between pages.

It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and December 2025 Security Updates.

It has one known issue, in which the password icon might not be visible in the sign-in options on the lock screen. If you hover over the space where the icon should appear, you’ll see that the password button is still available. Select this placeholder to open the password text box and enter your password. After entering your password, you can sign in normally. People using Windows Home or Pro editions on personal devices are very unlikely to experience this issue — it primarily affects enterprise or managed IT environments.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5072033.)

KB5070311 (OS Builds 26200.7309 and 26100.7309) Preview

Release date: December 1, 2025

A variety of new features are being gradually rolled out in this build, including several for Copilot+ PCs. The Click to Do context menu in Copilot+ PCs now has a streamlined design that makes it easier to access frequently used actions such as Copy, Save, Share, and Open. In Copilot+ PCs you can now also use Windows Studio Effects, which provide AI-powered camera enhancements, on an additional camera such as a USB webcam or your laptop’s built-in rear camera.

New features being rolled out gradually to all Windows 11 PCs include a simplified File Explorer context menu for easier navigation. Common actions like Share, Copy, and Move now appear in a single organized menu.

A variety of bugs have been fixed for all PCs, including one in which the Local Security Authority Subsystem Service (LSASS) could become unstable due to an access violation.

There are two known issues in this build, one in which when opening File Explorer in dark mode, the window might briefly display a blank white screen before loading files and folders. In addition, the password icon is missing or invisible in the lockscreen sign-in options on some PCs. (Here’s a workaround for the latter bug.)

Get more info about KB5070311 Preview.)

KB5068861 (OS Builds 26200.7171 and 26100.7171)

Release date: November 11, 2025

This Patch Tuesday build fixes several bugs, including one in which closing Task Manager with the Close button didn’t fully end the process, leaving background instances that could slow performance over time.

It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and November 2025 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5068861.)

KB5067036 (OS Builds 26200.7019 and 26100.7019) Preview

Release date: October 28, 2025

A variety of new features are being gradually rolled out in this build, including several for Click to Do on Copilot+ PCs — notably a streamlined interaction between Click to Do and Copilot. You can now type a custom prompt directly into the text box, which sends your prompt and selected on-screen content to Copilot. Suggested prompts appear below the text box and are available for text selections in English, Spanish, and French. 

New features are being gradually rolled out for all Windows 11 PCs as well, including a redesigned Start menu, which includes scrollable “All” section and category and grid views. The menu now adapts to your screen size.

A variety of bugs have been fixed, including one in which text sometimes didn’t render correctly when editing content within a multiline text box in certain apps.

Get more info about KB5067036 Preview.)

KB5070773 (OS Builds 26200.6901 and 26100.6901) Out-of-band

Release date: October 20, 2025

This build fixes one bug, in which USB devices, such as keyboards and mice, did not function in the Windows Recovery Environment (WinRE). This issue prevented navigation of any of the recovery options within WinRE.

This build has one known issue: some digital TV and Blu-ray/DVD apps might not play protected content as expected after installing the August 29, 2025, Windows non-security preview update (KB5064081) or later updates. Apps that use Enhanced Video Renderer with HDCP enforcement or Digital Rights Management (DRM) for digital audio might show copyright protection errors, frequent playback interruptions, unexpected stops, or black screens. Streaming services are not affected. 

(Get more info about KB5070773 Out-of-band.)

KB5066791 (OS Builds 19044.6456 and 19045.6456)

Release date: October 14, 2025

This build fixes several bugs, including one that caused the print preview screen to stop responding in Chromium-based browsers.

It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and October 2025 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5066791.)

KB5065789 (OS Builds 26200.6725 and 26100.6725) Preview

Release date: September 29, 2025

This build gradually rolls out a wide variety of new features, including one in which you can use AI actions in File Explorer to edit images or summarize documents. To do it, right-click (or press Shift + F10 on the keyboard) on the file and select AI actions. 

Several bugs have also been fixed, including one in which you might not have been able to connect to shared files and folders if you were using the Server Message Block (SMB) v1 protocol on NetBIOS over TCP/IP NetBIOS (NetBT).

(Get more info about KB5065789 Preview.)

Windows 11 25H2

At the end of September, Microsoft upgraded Windows 11 from version 24H2 to 25H2, in a slow rollout that could take months to complete. Typically in the past, Microsoft would introduce new features in a once-a-year update like this. That’s not the case with 25H2, though.

Microsoft has been introducing new features in smaller updates all year round, so 25H2 doesn’t include any major new features. Rather, it includes all the new features that have accumulated in all those smaller updates.

As the company explains, “While this update doesn’t introduce major new features, it activates enhancements that have been gradually rolled out over the past year ensuring your device is up to date with the latest refinements.”

Here are some of the most important features in 25H2 that have been introduced for end users and IT pros since 24H2 was released last fall:

New features for users:

• File Explorer has several useful new features, notably AI actions, which can edit images or summarize documents. AI options such as Blur background, Erase objects, and Remove background are all now displayed in the context menu.
• Task Manager gets a number of minor tweaks, including performance improvements when changing the sort order of processes.
• You can now display the apps that have recently used on-device generative AI models provided by Windows. You can also choose which apps are permitted to use the generative AI technologies. To do that and more, go to Settings > Privacy & security > Text and Image Generation.

New features for IT:

• IT admins can use policy-based tools to easily remove preinstalled Microsoft Store apps from Enterprise and Education editions of Windows 11, version 25H2 and later. This can streamline device provisioning and prevent removed apps such as Microsoft Clipchamp, Media Player, and Microsoft Teams from being reinstalled. For more information, see Policy-based removal of preinstalled Microsoft Store apps and RemoveDefaultMicrosoftStorePackages in the ApplicationManagement Policy CSP.
• Enterprise access points now support Wi-Fi 7, which enables increased speeds, greater throughput, improved reliability, and enhanced security. For details, see https://aka.ms/WiFi7forEnterprise.
• Windows Backup for Organizations is now generally available.
• A new feature called Quick Machine Recovery can recover Windows devices when they encounter critical errors that prevent them from booting. Quick machine recovery searches for remediations in the cloud and recovers from widespread boot failures, reducing the burden on IT admins on cases when multiple devices are affected. For more information, see Computerworld’s Quick Machine Recovery explainer.

Updates for Windows 11 24H2

KB5068221 (OS Build 26100.6588) Out-of-band

Release date: September 22, 2025

This update fixes a bug that affected Microsoft Office applications running in Microsoft Application Virtualization (App-V) environments. The failure occurred due to a double handle closure in the AppVEntSubsystems32 or AppVEntSubsystems64 system component.

There is one issue in this build: you might fail to connect to shared files and folders using the Server Message Block (SMB) v1 protocol on NetBIOS over TCP/IP (NetBT). This issue can occur if either the SMB client or the SMB server has the September 2025 security update installed.

(Get more info about KB5068221 (OS Build 26100.6588) Out-of-band).

KB5065426 (OS Build 26100.6584)

Release date: September 9, 2025

This build fixes several bugs, including one that caused non-admin users to receive unexpected User Account Control (UAC) prompts when MSI installers performed certain custom actions, such as configuration or repair operations in the foreground or background during the initial installation of an application.

The build also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and September 2025 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5065426.)

KB5064081 (OS Build 26100.5074) Preview

Release date: August 29, 2025

A wide variety of new features are being gradually rolled out in this build, including a new personalized homepage in Windows Recall that displays your recent activity and top-used apps and websites (available only in Copilot+ PCs). Among the changes rolling out to all users is a new grid view for Search from the Windows taskbar that helps you more quickly and accurately identify the desired image within your search.

Several bugs have also been fixed, including one in which some system recovery features did not work properly due to a temporary file sharing conflict. This affected certain device management tools and disrupted key functions on some devices.

(Get more info about KB5064081 Preview.)

KB5063878 (OS Build 26100.4946)

Release date: August 12, 2025

This build fixes a bug that caused delays during sign-in on new devices. The delay was due to certain preinstalled packages. It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and August 2025 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5063878.)

KB5062660 (OS Build 26100.4770) Preview

Release date: July 22, 2025

A wide variety of new features are being gradually rolled out in this build, including a new agent in Copilot+ PCs that is designed to help you find and change settings on your PC. You can describe what you need help with, such as “how to control my PC by voice” or “my mouse pointer is too small,” and the agent will suggest steps to resolve the issue. The agent uses AI on your PC to understand your request and, with your permission, can automate and complete tasks for you. It is rolling out to Snapdragon-powered Copilot+ PCs now, with support for AMD and Intel PCs coming soon. 

Several bugs have also been fixed, including one in which If you have an app pinned to your desktop and it updates, the app icon might not display correctly and instead show a white page.

(Get more info about KB5062660 Preview.)

KB5064489 (OS Build 26100.4656) Out-of-band

Release date: July 13, 2025

This update fixes a bug that prevented some virtual machines (VMs) from starting when Virtualization-Based Security (VBS) was enabled. It affected VMs using version 8.0 (a non-default version) where VBS was offered by the host. In Azure, this applies to standard (non–Trusted Launch) General Enterprise (GE) VMs running on older VM SKUs. The problem was caused by a secure kernel initialization issue.

(Get more info about KB5064489 Out-of-band.)

KB5062553 (OS Build 26100.4652)

Release date: July 8, 2025

The build fixes several bugs, including one in which notification sounds didn’t play. Affected sounds included those for on-screen alerts, volume adjustments, and sign-in. It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and July 2025 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5062553.)

KB5060829 (OS Build 26100.4484) Preview

Release date: June 26, 2025

A wide variety of new features are being gradually rolled out in this build, including a new Settings home page that includes enterprise-specific device info cards for commercial customers on PCs managed by an IT administrator. The taskbar also now resizes icons to fit more apps when space runs low.

Users in the European Economic Area will see several small changes related to default browsers, such as mapping additional file and link types to the default browser and pinning it to the taskbar and Start menu.

A variety of bugs have also been fixed, including one that prevented the automatic renewal of expiring certificates in Windows Hello for Business.

There is one known issue in this build, in which blurry or unclear CJK (Chinese, Japanese, Korean) text appears when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. 

(Get more info about KB5060829 Preview.)

KB5063060 (OS Build 26100.4351) Out-of-band

Release date: June 11, 2025

This out-of-band update replaces the KB5060842 Patch Tuesday release, fixing a bug in which Windows sometimes restarted unexpectedly when users opened games that use the Easy Anti-Cheat service. Easy Anti-Cheat automatically installs with certain games to enhance security and prevent cheating in multiplayer online PC games. 

Note: In this build there are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. The issue is due to limited pixel density at 96 DPI, which can reduce the clarity and alignment of CJK characters. Increasing the display scaling improves clarity by enhancing text rendering.

(Get more info about KB5063060 Out-of-band.)

KB5060842 (OS Build 26100.4349)

Release date: June 10, 2025

After installing this update, Windows will retain system restore points for 60 days only. Restore points older than 60 days are not available. This 60-day limit will also apply to future versions of Windows 11, version 24H2.

The build fixes a bug that prevented users from signing in with self-signed certificates when using Windows Hello for Business with the Key Trust model.​​​​​​​ It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and June 2025 Security Updates.

Note: In this build there are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. The issue is due to limited pixel density at 96 DPI, which can reduce the clarity and alignment of CJK characters. Increasing the display scaling improves clarity by enhancing text rendering.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5060842.)

KB5058499 (OS Build 26100.4202) Preview

Release date: May 27, 2025

A wide variety of new features are being gradually rolled out in this build, including one in which Click to Do gets the new Ask Copilot action. When you highlight text or an image, Click to Do offers the Ask Copilot option. Selecting it opens Microsoft Copilot with your content in the prompt box. You can send the selected text or image directly to the Copilot app to complete your prompt.

A variety of bugs have also been fixed, including one in which devices with BitLocker on removable drives could encounter a blue screen error after resuming from sleep or hybrid-booting.

(Get more info about KB5058499 Preview.)

KB5061977 (OS Build 26100.4066) 

Release date: May 27, 2025

This out-of-band update fixes a bug in the direct send path for a guest physical address (GPA). This issue caused confidential virtual machines running on Hyper-V with Windows Server 2022 to intermittently stop responding or restart unexpectedly. As a result, service availability was affected, and manual intervention was required. This problem primarily impacted Azure confidential VMs.

(Get more info about KB5061977.)

KB5058411 (OS Build 26100.4061)

Release date: May 13, 2025

This update fixes two bugs, one in which your microphone might have muted unexpectedly, and the other in which the eye controller app didn’t launch. It also has a wide variety of security updates. For details, see Microsoft’s Security Update Guide and May 2025 Security Updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

(Get more info about KB5058411.)

KB5055627 (OS Build 26100.3915) Preview

Release date: April 25, 2025

This build gradually rolls out several new features for Copilot+ PCs, including a preview of Windows Recall. When you opt in, Recall takes snapshots of your activity so you can quickly find and go back to what you have seen before on your PC. With it, you can use a timeline to find the content you remember seeing.

Copilot+ PCs also get a new natural-language Windows search in which you can search for anything on your PC without having to remember specific file names, exact words in file content, or settings names. Just describe what you’re looking for. On Copilot+ PCs, you can also more easily find photos stored and saved in the cloud by typing your own words (like “summer picnics”) in the search box at the upper-right corner of File Explorer. 

All PCs get a number of new features, including speech recap, in which you can keep track of what Narrator has spoken and access it for quick reference. With speech recap, you can quickly access spoken content, follow along with live transcription, and copy what Narrator last said using keyboard shortcuts.

A variety of bugs are being fixed, including one in which some devices experienced intermittent internet connections when resuming from sleep mode. Several AI components have also been updated.

There are two known issues in this build, including one in which players on Arm devices are unable to download and play Roblox from the Microsoft Store on Windows.

(Get more info about KB5055627 Preview.)

KB5055523 (OS Build 26100.3775)

Release date: April 8, 2025

This update includes a wide variety of security updates. For details, see Microsoft’s Security Update Guide and April 2025 Security Updates. 

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

There are two known issues in this build, including one in which players on Arm devices are unable to download and play Roblox via the Microsoft Store on Windows. 

(Get more info about KB5055523.)