Microsoft is rolling out a series of updates for Windows, addressing security vulnerabilities and preparing users for future changes. A recent cumulative update for Windows 11, versions 25H2 and 24H2 (KB5074109), includes the latest security fixes and improvements, alongside non-security updates from the previous month’s optional preview release. More details about the update are available on Microsoft’s support website.
The company is also addressing an essential security concern regarding Windows Secure Boot certificates, which are set to expire starting in June 2026. Microsoft recommends users review guidance and take action to update certificates in advance to avoid potential boot issues. Further information on the certificate expiration and necessary steps can be found in the update documentation. This proactive approach to security highlights the ongoing challenges of maintaining a secure computing environment.
Microsoft is continuing the rollout of a redesigned Start menu to Windows devices. The rollout is gradual, meaning more users will receive the updated experience over time. This iterative approach to feature releases allows Microsoft to gather feedback and refine the user experience.
For users still utilizing Windows 10, Extended Security Updates (ESU) are available to help keep devices secure after support ended on October 14, 2025. The Windows 10 ESU program provides access to critical and important security updates defined by the Microsoft Security Response Center (MSRC). Enrollment in ESU is possible until October 13, 2026, but it does not include technical support or other types of fixes, feature improvements, or product enhancements. The availability of ESU offers a pathway for organizations transitioning to Windows 11.
Microsoft recently addressed 79 vulnerabilities in a Windows update, including two zero-day exploits discovered in March. These zero-day vulnerabilities were actively being exploited, making the update particularly critical for users to install promptly. The rapid patching of these vulnerabilities demonstrates Microsoft’s commitment to addressing immediate security threats.
The January 2026 security update will bring changes to KB identifiers for Windows Server 2025, which will have its own unique identifiers and build numbers. This change will not affect Windows 11, versions 24H2 or 25H2.
