Microsoft has published an extended security update for Windows 10 with KB5078885 number that fixes the parcheed vulnerabilities in the March 2026 Patch Tuesday. If your organization uses Windows 10 Enterprise LTSC or is registered in the ESU (Extended Security Updates) program, this update is available through Windows Update and its installation is the same as any other update: it opens Settings, go to Windows Update and click on "Find updates." After installation, the affected versions will be updated to the compilation numbers 19045.7058 for Windows 10 and 19044.7058 for Windows 10 Enterprise LTSC 2021.
The update does not include new features: its objective is to tighten safety and correct errors introduced by previous updates. In total, Microsoft addresses 79 vulnerabilities in this package, including two failures listed as zeroday that were being actively exploited. For those who want to review the official note and the complete list of corrections, Microsoft keeps the technical documentation on its support page: KB5078885 - Microsoft Support. In addition, the coverage of the news in specialized media provides additional context on the nature of the failures and the risks exploited: for example BleepingComputer.
Among the technical corrections included in KB5078885 are solutions for various problems: from improvements in graphic stability and the File History function to a specific File Explorer correction that reestablishes custom folder names when there were desktop.ini files with LocalizedResource Name. One of the most relevant arrangements for corporate administrators and users is the solution to a failure that prevented certain Secure Launch and Virtual Secure Mode (VSM) teams from shutting down or entering hibernation correctly: after the update, the teams that were once reboot instead of shutdown should recover the expected behavior.
In addition, Microsoft continues the controlled deployment of new Secure Boot certifications to replace old certificates (dated 2011) that expire in June 2026. These signatures are used to validate Windows boot components and third-party boot loaders; if they expire, a window could be opened so that malicious actors avoid protective measures at the start of the system. The process of delivery of these certificates is carried out in a gradual manner and based on telemetry of updating the device to minimize risks during implementation. To better understand how Secure Launch works and what VSM is, Microsoft offers useful technical documentation: Secure Launch - MS Learn and Virtual Secure Mode (VSM) - MS Learn. Information on the replacement of Secure Boot certificates is available at: Windows Secure Boot Certificate Expiration and CA Updates - Microsoft Support.
If you manage business environments, the practical recommendation is to apply the update as soon as possible in equipment with Internet access or handling sensitive information, following the corresponding tests in pre-production environments. Although Microsoft reports that there are no known problems associated with KB5078885 at the time of its publication, good practices remain in place: it backs up before deploying large-scale changes, tests the update on a representative hardware subset and sets up maintenance windows to avoid surprises in critical systems.
For domestic users who are not part of the ESU program or who are in Windows 10 versions that no longer receive new features, this update will not be distributed in general. If you are not sure if your team is within the eligible group, check Microsoft's support policies or talk to your IT department. More information on how the updates and the product life cycle work can be found in the official Microsoft documentation and technical articles that analyze each Patch Tuesday.
In short: KB5078885 is a focused security delivery that fixes critical vulnerabilities (including two zerodays) and solves specific problems such as off failure in Secure Launch and VSM equipment. If you manage Windows 10 Enterprise LTSC facilities or use ESU, plan its deployment soon and with due evidence to keep the systems safe and stable.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...
PinTheft the public explosion that could give you root on Arch Linux
A new public explosion has brought to the surface again the fragility of the Linux privilege model: the V12 Security team named the failure as PinTheft and published a concept t...