Update Summary

KB5087539 for Windows Server 2025 (OS Build 26100.32860) delivers security fixes, quality improvements, Secure Boot rollout changes, and new AD CS post-quantum signature support. It also includes the servicing stack update KB5089717. Reference IDs: KB5082063, KB5091157, CVE-2025-59287.

Update Details

Security

  • Adds additional high-confidence device targeting data to expand controlled rollout of new Secure Boot certificates.
  • Introduces a new C:\Windows\SecureBoot folder on eligible devices with scripts to detect Secure Boot certificate update status and automate deployment.
  • Adds support for ML-DSA post-quantum signatures in Active Directory Certificate Services (AD CS) for code signing, TLS, and OCSP response signing.
  • Addresses a Remote Desktop Connection security warning dialog rendering issue after the April 2026 security update.
  • WSUS synchronization error details remain removed to mitigate CVE-2025-59287.

Bug Fixes

  • Improves reliability of SSDP notifications to help prevent the service from becoming unresponsive.
  • Supports the 2023 daylight saving time change for Egypt.
  • Improves LSASS performance on domain controllers with Microsoft Defender enabled by reducing CPU and memory usage during ETW collection of IDL_DRSGetNCChanges events.
  • Fixes incorrect Remote Desktop Connection security warning dialog rendering in multi-monitor setups with different scaling.

New Features

  • Adds support for ML-DSA-44, ML-DSA-65, and ML-DSA-87 post-quantum signatures in AD CS.
  • Adds a new C:\Windows\SecureBoot folder with sample scripts for Secure Boot certificate management in enterprise environments.

Known Issues

  • Some devices with an unrecommended BitLocker Group Policy configuration may be prompted for the BitLocker recovery key on the first restart after installing this update.
  • After installing Windows updates released on or after March 10, 2026, some users may see a "no Internet" error when signing in to Microsoft account apps even though the device has connectivity.
  • WSUS does not display synchronization error details after KB5070881 or later updates.

Hints

  • For devices affected by the BitLocker issue, Microsoft recommends removing the TPM platform validation profile policy before installing the update, then running gpupdate /force and suspending and resuming the BitLocker protectors.
  • Administrators should audit BitLocker policies for explicit PCR7 inclusion and verify PCR7 binding status in msinfo32.exe before installing the update.
  • The update includes non-security changes from KB5082063 and KB5091157.
  • The servicing stack update included is KB5089717 (OS Build 26100.32837).
  • Microsoft notes that Secure Boot certificates used by most Windows devices begin expiring in June 2026.

Product Information

Vendor: Microsoft

Product: Windows Server 2025

Version: OS Build 26100.32860

Release date: May 12, 2026