Microsoft has rolled out the Windows 10 KB5087544 extended security update, addressing vulnerabilities identified during the May 2026 Patch Tuesday and rectifying issues related to the new Remote Desktop warnings.
For users operating on Windows 10 Enterprise LTSC or those enrolled in the ESU program, the installation process remains straightforward. Simply navigate to Settings, select Windows Update, and perform a manual ‘Check for Updates’.
Source: BleepingComputer
Upon successful installation, Windows 10 will be upgraded to build 19045.7291, while Windows 10 Enterprise LTSC 2021 will transition to build 19044.7291.
What’s new in Windows 10 KB5087544
As Microsoft has shifted its focus away from introducing new features for Windows 10, the KB5087544 update is predominantly centered around security enhancements and bug resolutions. This month’s Patch Tuesday has successfully addressed 120 vulnerabilities.
The key fixes included in KB5087544 are as follows:
-
[Remote Desktop security warnings (known issue)]
Resolved: An issue where the Remote Desktop Connection security warning dialog could display incorrectly in multi-monitor setups with varying display scaling settings. This problem emerged following the installation of the Windows security update released on April 14, 2026 (KB5087544).
-
[Secure Boot]
- This update introduces dynamic status reporting for Secure Boot states within the Windows Security App.
- Additionally, Windows quality updates will now incorporate enhanced high-confidence device targeting data, broadening the range of devices eligible to automatically receive new Secure Boot certificates. Devices will only obtain these new certificates after demonstrating adequate successful update signals, ensuring a controlled and phased rollout.
-
[Daylight Savings Time]
Adjustment for the Arab Republic of Egypt to align with the government’s DST change order in 2023.
This update effectively addresses the issue that led to the improper display of newly introduced Windows RDP security warnings when accessing Remote Desktop (.rdp) files.
However, Microsoft has also issued a caution regarding a known issue that prompts users to input their BitLocker recovery key following the installation of recent updates. This complication specifically impacts systems utilizing a particular BitLocker Group Policy configuration that includes PCR7 in the TPM validation profile, along with various Secure Boot and boot manager conditions associated with the newer Windows UEFI CA 2023 certificate.
As a temporary solution, Microsoft recommends removing the affected Group Policy setting and subsequently suspending and resuming BitLocker to regenerate the default PCR bindings while they work towards a permanent resolution.
