KB5099536: Overview with user sentiment and feedback

Last Updated July 16, 2026

Probability of successful installation and continued operation of the machine

0%
20%
40%
60%
80%
100%
60%
Known Issues

Overview

KB5099536 is a cumulative security and quality update for Windows Server 2025 released on July 14, 2026 (OS Build 26100.33158). This update includes the latest security fixes, quality improvements, and non-security updates from the previous month's optional preview release. It addresses multiple system components including Secure Boot certificate deployment, cryptographic enhancements, and various reliability improvements across networking, containers, and system services.

General Purpose

  • Secure Boot Certificate Updates: Expands device targeting data for automatic deployment of new Secure Boot certificates to address expiration concerns beginning June 2026
  • Cryptography Enhancements: Adds support for hybrid post-quantum cryptography (PQC) key exchange in TLS 1.3 and composite cryptographic formats combining traditional and post-quantum algorithms
  • Container Performance: Improves startup performance for Hyper-V-isolated Windows Server containers with updated base images available through Microsoft Container Registry
  • Security Hardening: Introduces DKM container ACL automatic detection and remediation in AD FS; adds SHA-2 certificate thumbprint support for RDP with SHA-1 retained for backward compatibility
  • Networking & Reliability: Enhances network resource connections including null session support and improves Event Log reliability on event collector servers
  • System Stability: Resolves memory leak in graphics kernel driver and addresses issues affecting third-party OLE Automation apps interacting with Microsoft Office

General Sentiment

The update addresses significant security and infrastructure concerns, particularly around Secure Boot certificate expiration and post-quantum cryptography readiness. However, the patch introduces several known issues affecting user experience, including problems with third-party applications using OLE Automation, File Explorer OneDrive shortcuts, Recycle Bin dialogs, and potential compatibility concerns with unregistered third-party TDI transports. The inclusion of multiple fixes for previously introduced issues suggests the update is addressing regressions from earlier patches, indicating a mixed reception regarding stability.

Known Issues

  • Third-party apps using OLE Automation to interact with Microsoft Office may fail to launch Office or open documents (fixed from KB5094125 regression)
  • OneDrive shortcut in File Explorer stops working when File Explorer runs in administrative mode (fixed from KB5094125 regression)
  • Recycle Bin confirmation dialog displays internal file names instead of original file names when permanently deleting files (fixed from KB5094125 regression)
  • Input hotkey unregister behavior changes may cause certain Windows experiences to temporarily stop responding to keyboard shortcuts; typically resolved by restarting affected app
  • Applications using sockets over unregistered third-party TDI transports may stop working due to new TDI transport registration enforcement
  • WSUS does not display synchronization error details (temporary removal to address CVE-2025-59287)
  • In rare cases, built-in Windows experiences relying on previous hotkey lifecycle behavior might temporarily stop responding

Disclaimer: We take measures to ensure that AI-generated content is of the highest possible quality, but we cannot guarantee its accuracy and recommend that users do their own independent research. Generated on 2026-07-16 12:57 PM

Back to Knowledge Base Catalog