Gandalf_The_Grey
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Microsoft has released the July 2026 Patch Tuesday updates for Windows 11 25H2, 24H2. The 25H2 and 24H2 update is provided via KB5101650 (manual download link below), build 26100.8875 on 24H2, and build 26200.8875 on 25H2, after applying the updates. Windows 11 23H2 is available under KB5099414 (manual download link below), build 22631.7376.
The changelog:
- [Secure Boot] This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Certificate deployment via Windows updates continues
- [Apps (Known issue)] Fixed: This update addresses an issue that affects certain third-party apps that use OLE Automation to interact with Microsoft Office. After installing the June 2026 security update (KB5094126 / KB5093998), these apps might fail to launch Office or open documents.
- [Input] This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected.
- [Networking] This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected.
- [Security] This update upgrades the curl tool in Windows to version 8.21.0 and includes security improvements that help protect your device.
- [Remote Desktop (RDP) Security] Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.