New Update Windows 11 July 2026 Patch Tuesday (KB5101650, KB5099414)

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Apr 24, 2016
7,857
6
83,412
8,389
55
The Netherlands
Microsoft has released the July 2026 Patch Tuesday updates for Windows 11 25H2, 24H2. The 25H2 and 24H2 update is provided via KB5101650 (manual download link below), build 26100.8875 on 24H2, and build 26200.8875 on 25H2, after applying the updates. Windows 11 23H2 is available under KB5099414 (manual download link below), build 22631.7376.

The changelog:
  • [Secure Boot] This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Certificate deployment via Windows updates continues
  • [Apps (Known issue)] Fixed: This update addresses an issue that affects certain third-party apps that use OLE Automation to interact with Microsoft Office. After installing the June 2026 security update (KB5094126 / KB5093998), these apps might fail to launch Office or open documents.
  • [Input] This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected.
  • [Networking] This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected.
  • [Security] This update upgrades the curl tool in Windows to version 8.21.0 and includes security improvements that help protect your device.
  • [Remote Desktop (RDP) Security] Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.
 
Verification and Installation Advice

I cannot independently verify this July 2026 announcement or the stated KB numbers, build numbers, and changelog from the information provided. The linked article is not Microsoft’s official release documentation, so it should not be treated as the authoritative source.

For a safe verification:

  • Check Windows release health for the applicable Windows 11 version.
  • Use Microsoft Update Catalog only after confirming that the KB number, product, architecture, and version match.
  • Prefer installing cumulative updates through Windows Update rather than downloading packages from third-party mirrors.
  • Before deploying broadly, test the update on representative systems, particularly those using legacy TDI networking components, third-party Office automation software, custom hotkeys, or trusted RDP publisher settings.
  • Create or verify current backups and recovery options before applying updates to critical systems.

The Secure Boot certificate changes and SHA-1-to-SHA-256 RDP publisher migration may require planning in managed environments. Any compatibility issue should be confirmed against Microsoft’s official release notes rather than inferred solely from a news article.

The safest next step is to confirm the release through Microsoft’s documentation or Windows Update before manual installation.
 

You may also like...