Home/KB Catalog/KB5087539

KB5087539: Overview with user sentiment and feedback

Last Updated June 11, 2026

Probability of successful installation and continued operation of the machine

0%
20%
40%
60%
80%
100%
55%
Known Issues

Overview

KB5087539 is a cumulative security update released on May 12, 2026, for Windows Server 2025 (all editions), addressing OS Build 26100.32860. This update consolidates the latest security fixes and quality improvements from previous months, specifically incorporating updates from KB5082063 (April 14, 2026) and KB5091157 (April 19, 2026). The update is distributed as a combined package that includes both the Servicing Stack Update (SSU KB5089717) and the Latest Cumulative Update (LCU), ensuring a robust and reliable servicing infrastructure for Windows Server systems.

The update addresses critical infrastructure concerns, including the impending Secure Boot certificate expiration beginning in June 2026, which poses potential boot security risks for devices not updated in time. Microsoft has implemented a phased rollout approach with enhanced device targeting data to ensure controlled distribution of new Secure Boot certificates. Additionally, the update introduces support for post-quantum cryptography through Module-Lattice-Based Digital Signature Algorithm (ML-DSA) in Active Directory Certificate Services, positioning organizations for future quantum-resistant security implementations.

General Purpose

This cumulative update serves multiple critical functions for Windows Server 2025 infrastructure. The primary focus addresses security vulnerabilities and system stability through consolidated fixes from multiple preceding updates. A significant component involves Secure Boot certificate management, where the update delivers new certificates to eligible devices after confirming successful update signals, maintaining a controlled deployment strategy. The update includes automation scripts within a new SecureBoot folder under C:Windows, enabling IT professionals to detect certificate update status and orchestrate safe rollout mechanisms across Active Directory environments.

Beyond security, the update delivers substantial performance improvements for domain controllers running Microsoft Defender, specifically reducing CPU and memory consumption during Event Tracing for Windows collection operations. Connectivity reliability receives attention through improved Simple Service Discovery Protocol (SSDP) notification handling to prevent service unresponsiveness. The update also addresses regional requirements by supporting the 2023 Daylight Saving Time change for Egypt and introduces post-quantum cryptography capabilities through ML-DSA support in Active Directory Certificate Services, allowing administrators to issue quantum-resistant certificates for code signing, TLS, and OCSP response signing. Additionally, it resolves a Remote Desktop Connection rendering issue affecting multi-monitor scenarios with different scaling configurations.

General Sentiment

Community sentiment regarding KB5087539 presents a notably mixed picture with significant concerns emerging from deployment experiences. While the update addresses important security vulnerabilities and introduces forward-looking quantum-resistant cryptography features that are strategically valuable, multiple users report serious installation failures that undermine confidence in its reliability. The most prevalent issue involves error code 0x800f0982 (PSFX_E_MATCHING_COMPONENT_NOT_FOUND) and 0x800736b3 (ERROR_SXS_ASSEMBLY_NOT_FOUND), with affected users experiencing installation failures at approximately 93% completion despite multiple remediation attempts.

User frustration is particularly evident among administrators managing older Dell server hardware and those who installed Windows Server 2025 from physical media rather than evaluation ISOs. Several experienced IT professionals have noted that the same update installs successfully on evaluation ISOs but fails consistently on retail DVD installations, suggesting potential issues with the master image used for physical distribution media. This discrepancy has prompted speculation about missing prerequisites, particularly regarding Microsoft Defender compatibility. However, counterarguments exist: the update's security improvements are genuinely important, the known issues are documented with workarounds, and the problems appear limited to specific configuration scenarios rather than affecting all deployments universally. The availability of a resolution through KB5094125 for BitLocker-related issues demonstrates Microsoft's responsiveness to identified problems.

Known Issues

  • BitLocker Group Policy Configuration Incompatibility: Devices with unrecommended BitLocker Group Policy configurations specifying PCR7 validation may require BitLocker recovery key entry on first restart. This affects only systems where BitLocker is enabled, the specific Group Policy is configured with PCR7 inclusion, Secure Boot State PCR7 Binding reports "Not Possible," and the Windows UEFI CA 2023 certificate is present. Recovery key entry occurs only once, with subsequent restarts functioning normally. Resolution available through KB5094125.

  • Component Store Corruption and Installation Failures: Multiple users report installation failures with error codes 0x800f0982 and 0x800736b3, indicating missing components in the Windows Component Store. Issues appear more prevalent with retail DVD installations versus evaluation ISOs, suggesting potential differences in master image baseline configurations.

  • WSUS Error Reporting Disabled: Windows Server Update Services (WSUS) does not display synchronization error details after installing KB5070881 or later updates. This functionality was temporarily removed to address CVE-2025-59287 (Remote Code Execution Vulnerability).

  • Sign-In Issues with Microsoft Accounts: Some users may experience "no Internet" errors when signing into Microsoft account-based applications after installing Windows updates released on or after March 10, 2026, even with functional Internet connectivity.

  • Remote Desktop Multi-Monitor Rendering: Previously addressed issue affecting Remote Desktop Connection security warning dialog rendering in multi-monitor scenarios with different scaling configurations has been fixed in this update.

Disclaimer: We take measures to ensure that AI-generated content is of the highest possible quality, but we cannot guarantee its accuracy and recommend that users do their own independent research. Generated on 2026-06-11 01:30 PM

Back to Knowledge Base Catalog