KB5074105

Microsoft has released preview update KB5074105 (build 26200.7701) for Windows 11 version 25H2 (2025 update). This cumulative package is intended for devices with x64 (amd64) and ARM64 processors and includes quality improvements, new features, and fixes. Changes are divided into two categories: gradual rollout (not available to all devices at once) and regular rollout (available to all devices immediately).

• Agent in the Settings app. Expanded language support for the agent: the feature is now available in German, Portuguese, Spanish, Korean, Japanese, Hindi, Italian, and Simplified Chinese. This change applies only to Copilot+ PC devices and falls under the gradual rollout category.
• Cross Device Resume. Users can continue on their PC tasks started on an Android smartphone, including Spotify playback, working in Word, Excel, PowerPoint, and web sessions. Vivo owners can continue pages from the Vivo browser. HONOR, OPPO, Samsung, Vivo, or Xiaomi users can work with online files from the Microsoft Copilot app on their phone — they will open in the Microsoft 365 app on the PC or in the browser. Offline files stored only on the smartphone are not supported.
• Windows MIDI Services. Improved work with MIDI 1.0 and MIDI 2.0, including automatic conversion, sharing MIDI ports between applications, custom port names, app-to-app interaction, as well as bug fixes and performance enhancements. The App SDK package and tools (MIDI Console, MIDI Settings) are distributed separately and are currently unsigned.
• Narrator. More flexible settings for announcing UI elements: users can choose which details to announce and in what order. Settings apply globally and help reduce redundant announcements.
• Device card on the Settings home page. Displays key PC characteristics and usage, along with a quick link to System > About. The card appears when signing in with a Microsoft account. The feature rollout has resumed after a pause in August 2025.
• Smart App Control (SAC). The feature can now be turned on or off without a clean reinstall of the system via Windows Security > App & browser control > Smart App Control. SAC helps block untrusted or potentially dangerous applications.
• Voice Access. The initial setup process has been simplified: an updated interface helps download the speech recognition language model, select a microphone, and learn to control Windows by voice.
• Voice Typing. Added a Delay before action setting, allowing users to adjust the pause before executing a voice command. This improves recognition accuracy and convenience for users with different speaking speeds.
• Windows Hello with Enhanced Sign-in Security (ESS). The feature now supports external fingerprint scanners, bringing more secure sign‑in to desktop PCs and other Windows 11 devices, including Copilot+ PCs. To set it up, connect a compatible scanner and go to Settings > Accounts > Sign-in options.
• Fixes in the Start menu. Resolved an issue where the sign-out warning when other users were logged in could be cut off by the edge of the Start menu. Also fixed a bug where, when using Arabic or Hebrew, the Start menu opened on the wrong side of the screen if taskbar icons were not center-aligned.
• Fixes in kiosk mode. Removed the error message Operation was canceled due to restrictions on this computer that could appear after signing into a multi-app kiosk.
• Fixes in Windows Update. Resolved an issue where attempting to join the Windows Insider Program via Settings > Windows Update could hang.
• Improvements in File Explorer. Increased responsiveness of File Explorer when working with network locations.
• Sign-in fixes. Resolved an issue where explorer.exe could hang during first sign-in if some applications were configured to start automatically, which could lead to the taskbar missing.
• Windows activation fixes. Fixed cases where proper license transfer during update failed because the device could not register with the activation server (required running the troubleshooter).
• Desktop icons. Icons no longer move spontaneously when working with files (e.g., when opening or renaming).
• Keyboard input fixes. Labels for adjusting character repeat delay in Settings > Bluetooth & devices > Keyboard are no longer displayed in reverse order.
• User Account Control (UAC) fixes. Resolved an issue where the PC could hang when attempting to launch Windows Terminal with elevated privileges from a non‑administrator account.
• Secure Boot. On Windows 11 version 24H2, Boot Manager updates are performed on devices where the Windows UEFI CA 2023 certificate is already present in the Secure Boot signature database. The bootmgfw.efi file signed in 2011 is replaced with a version signed in 2023. Resetting the database or re‑enabling Secure Boot may lead to a Secure Boot violation error; in rare cases, creating a Secure Boot recovery media may be required.
• Domain backup key management for DPAPI. Administrators can configure the automatic key rotation frequency for Data Protection API, improving cryptographic strength and reducing reliance on legacy encryption algorithms.
• Display and graphics fix. Resolved an issue with a black screen in isolated multi‑user environments, typically after a Windows update.
• Narrator startup fix. Fixed an error where Narrator might not start when installing Windows from an ISO image.
• iSCSI boot failure fix. Resolved an error where booting from iSCSI could fail with the message Inaccessible Boot Device.

Known issues. In this update, when installing Windows MIDI Services packages, a security warning may appear because the distributed packages are currently unsigned. Also, when resetting the Secure Boot database or re‑enabling Secure Boot, a Secure Boot violation error may occur, which in rare cases will require creating a special recovery media.

To install the update, go to Windows Update. Navigate to Settings > Windows Update and click Check for updates. After downloading the package, a system restart is required. After installation, the Windows 11 build will change to 26200.7701.

This update does not include changes related to the regular rollout for the Copilot+ PC category (gradual rollout), nor some other features that will be released separately. The App SDK package and MIDI tools (MIDI Console, MIDI Settings) are distributed separately and are available for download from the Windows MIDI Services page and on GitHub.

How the new features work:

Agent in the Settings app: This is a local AI agent running on the NPU of a Copilot+ PC. When processing voice or text commands, the agent calls Windows APIs to change settings without sending data to the cloud. Expanding language support means downloading corresponding speech recognition and text generation models from the system store, with verification of signed language packs.

Cross Device Resume: Uses Project Rome and Windows Push Notifications Services (WNS) to sync tasks between Android and PC. When resuming on the PC, an action URI or deep-link is passed, which Windows maps to registered handlers (ms-word:, http:). Offline files stored only on the phone are unsupported because there is no direct filesystem access to Android without a mediator.

Windows MIDI Services: A new stack based on WinRT and MMCSS for low latency. Automatic MIDI 1.0 <-> 2.0 conversion via protocol proxies inside the kernel. MIDI ports become shareable thanks to MIDI Endpoint Manager. The App SDK package is currently unsigned, requiring manual trust or test mode.

Narrator: A system for analyzing the UI tree via UIAutomation Core. User-defined settings for the order and composition of announced properties (Name, Role, Value, PositionInSet) are stored in the registry and applied as a filter before feeding to the speech synthesizer, reducing information noise without restarting the screen reader.

Device card on the Settings home page: The ms-settings: page queries model, RAM, CPU, build number via WMI and SMBIOS, and a manufacturer icon via DeviceMetadataService. It connects to Microsoft Account Activity Service to show usage time. The card is rendered using XAML Islands inside StartDocked.

Smart App Control (SAC): Based on Windows Defender Application Control (WDAC) and the cloud Intelligent Security Graph. When toggling without a clean reinstall, a flag in WdBoot.sys and registry HKLM\SYSTEM\CurrentControlSet\Control\CI\Policy is changed, then Managed Installer policy and signature + reputation checks are applied.

Voice Access: Uses an offline speech recognition model based on Windows Speech Recognition (WSR) and DLLMAIN for phonemes. The simplified wizard calls Settings > Privacy > Speech, downloads .grxml grammars via ISpRecognizer, checks microphones via MMDevice API, and runs AudioProcessing calibration for noise suppression.

Voice Typing: A Delay before action setting has been added to the Dictation pipeline (part of Windows Input eXperience). After a command is recognized, a timer in UIPI pauses execution for the specified milliseconds, helping distinguish intentional pauses from natural speech hesitations — reducing false command triggers.

Windows Hello with Enhanced Sign-in Security (ESS): ESS requires virtualization-based security (VBS) and a trusted TPM 2.0 with Enhanced Key (EK). An external fingerprint scanner authenticates via Windows Biometric Framework (WBF): the scanner driver communicates with Malipo API, and the fingerprint hash is protected by a secure channel to the TPM, never leaving the chip.

Fixes in the Start menu: Fixed a bounding‑box calculation error when rendering popup notifications via XAML Popup in StartExperienceHost.exe. For RTL languages, corrected the LayoutDirection logic — the menu now checks taskbar alignment via ITaskbarControl::IsCenterAligned, not just the system locale.

Fixes in kiosk mode: The error Operation was canceled due to restrictions occurred due to a failure in applying Mobile Device Management (MDM) + Assigned Access policies. The fix changed the order of AppLocker and Shell Launcher filter application, removing a false RPC_E_CALL_CANCELED call when signing into a multi‑app kiosk.

Fixes in Windows Update: Fixed a deadlock in MUS (Modern Update Stack) when joining the Windows Insider Program. Previously, a call to RegisterForUpdates in wuapi.dll would block waiting for a response from USO (Update Session Orchestrator). A timeout and asynchronous request queue have now been added.

Improvements in File Explorer: Improved responsiveness with network resources by reducing synchronous calls to WNetGetResourceInformation and GetFileAttributesEx. Introduced caching of DFS referral and asynchronous folder enumeration via IEnumIDList in a background thread.

Sign-in fixes: explorer.exe hanging during first sign‑in was caused by a race condition between autorun applications (Run registry key) and Shell Desktop initialization. The fix added a timeout for CoInitializeEx and a lock in ISM (Interrupt Service Manager) for the taskbar.

Windows activation fixes: The issue was a hardware binding (HWID) error with the activation server (licensing.microsoft.com) during upgrade. The Software Licensing Client (sppc.dll) behavior was fixed: it now retries with exponential backoff and correctly saves the license in Tokens.dat before reboot.

Desktop icons: Fixed a bug in SysListView32 (wrapper ShellFolderView): when a file was updated (rename, open), an incomplete list rebuild would shift icons. The fix blocks automatic LVN_ITEMCHANGED for non‑visual operations and applies SetItemPosition only after the action completes.

Keyboard input fixes: Labels for the key repeat delay (Repeat delay) in Settings > Bluetooth & devices > Keyboard appeared in reverse order due to incorrect binding to LTR/RTL .resw text resources. Fixed indexing in the ListView of KeyboardProperties parameters.

User Account Control (UAC) fixes: The hang when launching Windows Terminal with elevated privileges from a non‑administrator account was caused by waiting for Consent UI response in the same COM thread. Fixed by moving the ShellExecuteEx(runas) request to a separate asynchronous context with a timeout in IUAControl::Prompt.

Secure Boot: On 24H2, the Boot Manager is updated only if the Windows UEFI CA 2023 certificate is already present in the Secure Boot database. bootmgfw.efi (2011) is replaced with a 2023‑signed version. If you reset the DB, a verification error occurs because the old signature is missing. A recovery media may be required in rare cases.

Domain backup key management for DPAPI: An administrator can set the master key rotation frequency for DPAPI via Group Policy (GUID: {2A99C2B5-BB1E-42B1-A7AA-6273B9A9A2C6}). Lsass.exe generates a new key using CryptGenRandom and encrypts it with the Domain Controller public key. The old key is retained for decrypting legacy data.

Display and graphics fix: Black screen in isolated multi‑user environments occurred due to a DWM (Desktop Window Manager) error when switching sessions between different GPU drivers. Fixed by adding a check in IDXGIFactory::MakeWindowAssociation and forcing a D3D11 device reload on user switch.

Narrator startup fix: During Windows installation from an ISO, Narrator did not start because signed language models were missing in the WinPE environment where AppX deployment is unavailable. Fixed by pre‑extracting Microsoft.Windows.Narrator_8wekyb3d8bbwe into \Windows\SystemApps during audit mode.

iSCSI boot failure fix: The Inaccessible Boot Device error occurred due to a timeout in initializing the iSCSI Initiator (msiscsi.sys) before the network was ready. Fixed by adding a TimeoutInSeconds registry key under HKLM\SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters and changing the load order to GROUP_NDIS before mounting the root filesystem.

The last 10 Windows updates: