Microsoft has rolled out the KB5071546 extended security update, addressing a total of 57 security vulnerabilities, including three critical zero-day flaws. This update is particularly relevant for users operating Windows 10 Enterprise LTSC or those enrolled in the ESU program.
To install this update, users can navigate to Settings, select Windows Update, and perform a manual ‘Check for Updates’. Given the mandatory nature of this update, it will automatically install and prompt users to restart their devices upon completion.
Source: BleepingComputer
Upon installation, Windows 10 will be upgraded to build 19045.6691, while Windows 10 Enterprise LTSC 2021 will move to build 19044.6691.
What’s new in Windows 10 KB5071546
As Microsoft transitions away from introducing new features for Windows 10, the KB5071546 update focuses solely on enhancing security and rectifying bugs that may have emerged from previous updates.
Among the significant fixes is a remote code execution zero-day vulnerability in PowerShell, identified as CVE-2025-54100. This flaw could potentially allow malicious scripts embedded in a webpage to execute when accessed via the “Invoke-WebRequest” command. To mitigate this risk, PowerShell 5.1, the default version on Windows 10, will now issue a warning when using this command, alerting users to the potential execution of scripts on the page.
For users accessing untrusted pages, it is advisable to utilize the -UseBasicParsing command line argument to prevent embedded scripts from being executed. The following security warning will appear:
Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing switch to avoid script code execution.
Do you want to continue?
For further guidance on the appropriate use of this command-line flag, Microsoft has provided an advisory. Notably, the company has confirmed that there are no known issues associated with this update.
