Microsoft released cumulative update KB5082200 for Windows 10, version 22H2 as part of the April 2026 Patch Tuesday for devices enrolled in the Extended Security Updates (ESU) program. The cumulative update package KB5026435 (Build 19045.7184) is intended for Windows 10 version 22H2 (2022 Update) on x86, x64 (amd64), and ARM64 processors. Support for Windows 10 has ended: as of October 14, 2025, the system only receives updates under the Extended Security Updates (ESU) program.
- Security improvements for internal OS functions. The update includes various security improvements for internal OS functions from April 2026. Patch Tuesday, April 2026: Microsoft fixed 167 security issues, including two zero-day vulnerabilities.
- Protection against phishing via RDP. Enhanced protection against phishing attacks using Remote Desktop (.rdp) files. When opening an .rdp file, all connection parameters are now displayed before the connection is established, and they are disabled by default. When opening such a file for the first time, a security warning also appears.
- Secure Boot certificate update status. In Windows Security (Settings > Privacy & Security > Windows Security), the status of Secure Boot certificate updates may now be displayed. The system shows notifications and status icons. On commercial devices, this feature is disabled by default.
- Precise detection of compatible devices for Secure Boot. As part of the Windows quality update, additional data has been added to precisely identify compatible devices. This expands the list of devices that can automatically receive new Secure Boot certificates. Certificates are installed gradually — only on devices where successful updates have been recorded, ensuring controlled rollout.
- Fix for BitLocker recovery issue. Fixed an issue that could cause the device to enter BitLocker recovery mode after Secure Boot updates.
After installing Windows updates released starting March 10, 2026, some users may have experienced an issue when signing into applications using a Microsoft account. Even with an active internet connection, an error no connection was displayed, which blocked access to services and applications, including Microsoft Teams.
The cumulative update KB5082200 for PCs is installed automatically via Windows Update. To check, go to Settings > Update & Security and click Check for updates. A system restart is required to complete the installation. After the update, the Windows 10 (version 22H2) build number will change to 19045.7184. The update does not include new system features, only quality improvements.
How the new features work:
Security improvements for internal OS functions: The update includes internal fixes in the kernel and critical subsystems (e.g., win32k.sys, ntoskrnl.exe). 167 vulnerabilities (including two zero‑days) are resolved. Code integrity mechanisms (PatchGuard) and process isolation are hardened to prevent privilege escalation.
Protection against phishing via RDP: When opening an .rdp file, the system parses its XML parameters and displays them before session start. Dangerous resource redirections (disks, printers, clipboard) are disabled by default. A MarkOfTheWeb tag is added for new files, triggering a security warning.
Secure Boot certificate update status: Windows Security adds a new data provider (Windows.SecurityCenter.SecureBoot) querying UEFI firmware for db and dbx variable status. Icons and notifications are shown. On commercial devices, this is disabled via Group Policy.
Precise detection of compatible devices for Secure Boot: The Windows quality update adds device ID hashes (SMBIOS GUID, UEFI version) to the registry (HKLM\SOFTWARE\Microsoft\SecureBoot\Compat). The system compares them with Microsoft’s approved list before deploying new certificates. Rollout is gradual — only for devices with successful update records.
Fix for BitLocker recovery issue: Fixed a bug in Secure Boot validation chain — after db/dbx certificate updates, the SecureBoot register in the TCG log was improperly updated. This caused PCR[7] mismatch between the bootloader and BitLocker. Measurements are now synchronized, preventing recovery mode.
Official announcement on the Microsoft website.
The last 10 Windows updates:
| Update | Build | Version | Windows | Channel | Date |
|---|---|---|---|---|---|
| KB5089507 | 26220.8474 | 25H2 | Windows 11 | Beta | 2026-05-15 |
| KB5089499 | 26300.8493 | 25H2 | Windows 11 | Experimental | 2026-05-15 |
| KB5089497 | 28020.2134 | 26H1 | Windows 11 | Experimental | 2026-05-15 |
| KB5089570 | 28000.2176 | 26H1 | Windows 11 | Preview | 2026-05-14 |
| KB5089573 | 26200.8521 | 25H2 | Windows 11 | Preview | 2026-05-19 |
| KB5087420 | 22631.7079 | 23H2 | Windows 11 | Stable | 2026-05-12 |
| KB5089548 | 28000.2113 | 26H1 | Windows 11 | Stable | 2026-05-12 |
| KB5087544 | 19045.7291 | 22H2 (ESU) | Windows 10 | Stable | 2026-05-12 |
| KB5089549 | 26200.8457 | 24H2/25H2 | Windows 11 | Stable | 2026-05-12 |
| KB5089417 | 26220.8370 | 25H2 | Windows 11 | Beta | 2026-05-08 |