Windows 10 KB5087544 out with Secure Boot status update, direct download links for .msu

Peer Networks UK Windows Latest Windows 10 KB5087544 out with Secure Boot status update, direct download links for .msu
13 May 2026

Windows 10 KB5087544 is now available as part of Microsoft’s May 2026 Patch Tuesday, and it’s a mandatory update that’ll download automatically as long as you’ve signed up for ESU (Extended Security Update). Microsoft has also posted direct download links for KB5087544 offline installers (.msu), but they don’t work unless you’ve ESU active.

If you haven’t checked for updates yet, this patch shows up as “May 2026 update for Windows 10” and is labeled “2026-05 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5087544).”

2026-05 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5087544)

In our tests, Windows Latest observed that Windows 10 KB5087544 takes less than five minutes to download and install. The May 2026 update bumps the OS to Windows 10 Build 19045.7291 and patches several security issues.

Download Links for Windows 10 KB5087544

Windows 10 KB5087544 Direct Download Links: 64-bit and ARM-64 | This opens Microsoft Update Catalog, where you can download the update in .msu, but you don’t have to use it in most cases. I recommend using Windows Update, but if that’s failing, and you’re unsure what to do, try your luck with Update Catalog.

You can download and install the Windows 10 May 2026 update from Settings > Updates & Security > Windows Update.

What’s new in Windows 10 Build 19045.7291?

Windows 10 Build 19045.7291 doesn’t include any major changes, but it does include at least one notable feature. With the May 2026 Update, Microsoft is bringing Secure Boot status to the Windows Security app. Previously, it was not easy to verify whether your Secure Boot certificate is updated on Windows 10.

Now, the Windows Security App features dynamic status reporting for Secure Boot states. Additionally, Microsoft is pushing out new Secure Boot certificates using a controlled, phased rollout. Devices will only receive these updated certificates after they demonstrate sufficient successful update signals, relying on high-confidence device targeting data to prevent boot failures.

This phased rollout helps ensure device stability, especially with older Secure Boot certificates slated to expire in June 2026.

Remote Desktop fixes and other improvements

If you use multiple desktops, you will be happy to know that this update resolves an annoying visual bug where the Remote Desktop Connection security warning dialog would render incorrectly or appear distorted on multi-monitor setups that use different display scaling settings. This particular bug was accidentally introduced in the April 2026 update (KB5082200), and build 19045.7291 finally squashes it.

The update also includes a minor time zone adjustment for the Arab Republic of Egypt, updating the system to support the government’s Daylight Saving Time change order from 2023.

Known issues with Windows 10 May KB5087544 update?

Microsoft has highlighted a notable known issue with this release that primarily affects enterprise users. If your device uses an unrecommended BitLocker Group Policy configuration, you might be asked to enter your BitLocker recovery key during the first restart after installing KB5087544.

This issue triggers under a very specific set of conditions:

  • BitLocker is actively enabled on your primary OS drive.
  • The Group Policy for TPM platform validation is configured to explicitly include PCR7.
  • Your System Information (msinfo32.exe) reports that Secure Boot State PCR7 Binding is “Not Possible”.
  • The Windows UEFI CA 2023 certificate is present in the device’s Secure Boot Signature Database.

Fortunately, this is a one-time prompt. Subsequent restarts will not trigger the BitLocker recovery screen. If you are an IT administrator, Microsoft recommends temporarily setting the “Configure TPM platform validation profile for native UEFI firmware configurations” policy to “Not Configured” before deploying the May 2026 update to avoid the recovery screen entirely.

Servicing Stack Updates and Deployment

As is standard practice, Microsoft has combined the latest Servicing Stack Update (SSU KB5084130, version 19041.7183) with this cumulative update. This specific SSU brings enhanced logic to verify if a device is hosted on Azure, utilizing an updated certificate chain for validation to ensure Azure-hosted devices can successfully download and install future certificate updates.

If you have already moved past Windows 10, Microsoft has also rolled out a massive update for newer devices today. You can check out our comprehensive coverage of the Windows 11 May 2026 Patch Tuesday update, which introduces the new full-screen Xbox Mode, eliminates File Explorer’s dark mode visual glitches, and brings significant performance optimizations.

The post Windows 10 KB5087544 out with Secure Boot status update, direct download links for .msu appeared first on Windows Latest