Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings.
If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’
Source: BleepingComputer
After installing this update, Windows 10 will be updated to build 19045.7291, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.7291.
What’s new in Windows 10 KB5087544
Microsoft is no longer releasing new features for Windows 10, and the KB5087544 update primarily contains security updates and bug fixes. With today’s May 2026 Patch Tuesday, Microsoft has fixed 120 vulnerabilities.
The complete list of fixes in KB5087544 is listed below:
-
[Remote Desktop security warnings (known issue)] Fixed: The Remote Desktop Connection security warning dialog might render incorrectly in multi-monitor configurations with different display scaling settings. This issue might occur after installing the Windows security update released on April 14, 2026 (KB5087544).
-
[Secure Boot]
-
This update enables dynamic status reporting for Secure Boot states in Windows Security App.
-
With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
-
-
[Daylight Savings Time] Update for Arab Republic of Egypt to support the government DST change order in 2023.
As explained in the changelog above, this update fixes an issue that caused newly introduced Windows RDP security warnings to display incorrectly when opening Remote Desktop (.rdp) files.
Microsoft is also warning of a known issue that causes Windows to prompt users to enter their BitLocker recovery key after installing recent updates.
The problem only affects systems using a specific BitLocker Group Policy configuration that includes PCR7 in the TPM validation profile, along with several Secure Boot and boot manager conditions tied to the newer Windows UEFI CA 2023 certificate.
As a temporary workaround, Microsoft advises removing the affected Group Policy setting and then suspending and resuming BitLocker to regenerate the default PCR bindings while it works on a permanent fix.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
