• 2 min read
Windows 10 gets KB5099539 with July’s 570 security fixes
Microsoft has released Windows 10 KB5099539 for ESU users and Enterprise LTSC, rolling in July 2026 Patch Tuesday fixes and raising builds to 19045.7548 and 19044.7548.

Image: BleepingComputer
Microsoft has shipped Windows 10 KB5099539, an Extended Security Update that bundles the July 2026 Patch Tuesday fixes plus additional security improvements. The release is available to systems running Windows 10 Enterprise LTSC or devices enrolled in Microsoft’s ESU program.
That matters because Microsoft quietly expanded its free Windows 10 Extended Security Updates program for consumers last month. Instead of just one year, enrolled consumer devices can now continue receiving security updates until October 12, 2027.
Users on eligible systems can install KB5099539 through Settings > Windows Update and then Check for Updates.

Recommended reading
8BitDo’s retro desk trio nails the NES look
After installation, Windows 10 moves to build 19045.7548, while Windows 10 Enterprise LTSC 2021 moves to build 19044.7548.
Microsoft is no longer adding new features to Windows 10, so KB5099539 is mainly about security fixes and bug patches. It includes the same record-setting July 2026 security release that fixed 570 vulnerabilities across Microsoft products, including two exploited zero-days and one publicly disclosed zero-day. About 300 of those 570 flaws affect Windows 10 Version 22H2.
The update also fixes several known issues, including:
- OLE Automation compatibility problems introduced by the June 2026 security update
- A File Explorer bug that could break the OneDrive shortcut when File Explorer runs in administrator mode
- A Recycle Bin issue where the delete confirmation dialog could show an internal file name instead of the original one
- An input change affecting hotkey unregister and cleanup behavior in rare cases
- Secure Boot status reporting updates in the Windows Security App
- RDP security improvements, including support for SHA-2 certificate thumbprints for trusted publishers, while SHA-1 remains for backward compatibility only
Microsoft also warns that a deliberate networking security hardening change now enforces TDI transport registration requirements. That may break legacy apps using sockets over unregistered third-party TDI transports.
“To determine if you have a TDI transport that is affected by this change, check the Windows System event logs in Event Viewer > Windows > System.” “If you find an AFD Event ID: 16003 'An unregistered TDI provider (\Driver<Name>) was detected', then your TDI transport is affected by this change.”
If that event does not appear, Microsoft says there are no known issues with this update.
Computing Editor
Tomas lives in the terminal. He covers chips, laptops, and operating systems with a focus on performance and efficiency. He reads kernel changelogs the way other people read fiction, and he's always on the hunt for the perfect mechanical keyboard switch. If it processes data, Tomas has an opinion on it.
via BleepingComputer


