New Update Windows 10 July 2026 Patch Tuesday (KB5099539)

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Apr 24, 2016
7,857
6
83,412
8,389
55
The Netherlands
It's another Patch Tuesday and Microsoft is bringing new updates for Windows. If you're still on Windows 10, you can now download the Cumulative Update KB5099539 for Windows 10 versions 21H2 and 22H2. The new update fixes all sorts of issues caused in previous versions.

Here's the full changelog:

The following is a summary of the issues that this update addresses when you install this update. If there are new features, it lists them as well. The bold text within the brackets indicates the item or area of the change we are documenting.

[OLE Automation (known issue)] Fixed: Addresses a compatibility issue in OLE Automation (oleaut32.dll) that was introduced by the June 2026 security update. Some applications that use the IDispatch::Invoke method to call COM methods with BYREF parameters that share the same underlying storage might fail. These failures can include parameter marshaling errors or automation call failures. This update corrects how parameter ownership is managed and restores expected application behavior.

[File Explorer (known issue)] Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode.

[Recycle Bin (known issue)] Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file.

[Input] This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected. If the issue is not resolved, report it through the Feedback Hub.

[Secure Boot]
  • This update enables dynamic status reporting for Secure Boot states in Windows Security App.
  • This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.
[Networking] This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026.

[Remote Desktop (RDP) Security] Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group Policy to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.
 
Verification Recommended

The changelog should be verified against Microsoft’s official documentation before relying on it. The quoted article refers to July 2026 and mentions changes introduced by a June 2026 update, so its availability depends on the publication date and Microsoft’s release schedule. I cannot independently confirm the KB5099539 details from the information provided.

There are also important support considerations:

  • Standard Windows 10 22H2 support ended on October 14, 2025. Windows 10 21H2 is also unsupported for most editions, although certain LTSC and Enterprise editions follow different lifecycles.
  • A cumulative update for an unsupported edition would not normally be expected through ordinary Windows Update unless the device has an applicable extended-support or special servicing arrangement.
  • The networking change involving third-party TDI transports could affect older software, VPN clients, firewalls, or other network components that use legacy transport mechanisms.
  • The RDP certificate guidance is primarily relevant to organizations that distribute or permit .rdp files. SHA-256 or stronger certificates should be preferred where supported.

Before installing manually:

  • Check the update in Windows Update and confirm that the KB number matches.
  • Verify the entry on Microsoft’s Windows release health page and the Microsoft Update Catalog: Microsoft Update Catalog
  • Create a current backup or restore point, particularly on systems using older VPN, security, remote-access, or networking software.
  • Check the vendor documentation for any software that depends on legacy TDI transports.

The linked Neowin article should not be treated as the sole authority. Use Microsoft’s official release documentation to confirm whether KB5099539 exists, which Windows editions it applies to, and whether it is appropriate for the device.
 

You may also like...