Anavem
EnglishFrancais
Anavem
Languagefr
Windows 11 laptop showing security update installation progress in professional IT environment
Knowledge BaseKB5075941Windows Update

KB5075941 — February 2026 Security Update for Windows 11 Version 23H2

KB5075941 is a February 2026 security update that addresses multiple vulnerabilities in Windows 11 Version 23H2, including critical fixes for Windows Kernel, Remote Desktop Services, and Windows Graphics components.

Evan MaelEvan Mael
11 March 2026 12 min read
KB5075941Windows UpdateSecurity Update 5 fixes 12 min Windows 11 Version 23H2 for x64-based Systems +1Download
Quick Overview

KB5075941 is a February 10, 2026 security update for Windows 11 Version 23H2 that updates the OS build to 22631.6649. This cumulative update addresses multiple security vulnerabilities across core Windows components and includes quality improvements for system stability.

PowerShellCheck if KB5075941 is installed
PS C:\> Get-HotFix -Id KB5075941

# Returns patch details if KB5075941 is installed

Download Update

Download from Microsoft Update Catalog

Get the official update package directly from Microsoft

KB5075941
Diagnostic

Issue Description

Issue Description

This security update addresses several critical vulnerabilities that could allow attackers to execute arbitrary code, escalate privileges, or cause denial of service conditions. The following security issues are resolved:

  • Remote code execution vulnerabilities in Windows Kernel components
  • Privilege escalation flaws in Windows Graphics Device Interface (GDI)
  • Information disclosure vulnerabilities in Remote Desktop Services
  • Memory corruption issues in Windows Shell components
  • Authentication bypass vulnerabilities in Windows Security Support Provider Interface (SSPI)

Without this update, systems remain vulnerable to potential exploitation through malicious applications, network attacks, or specially crafted files that could compromise system integrity.

Analysis

Root Causes

Root Cause

The vulnerabilities stem from improper input validation, insufficient bounds checking, and inadequate memory management in various Windows components. These issues allow attackers to manipulate system behavior through crafted requests, malformed data structures, or exploitation of race conditions in kernel-mode drivers.

Overview

KB5075941 is a critical security update released on February 10, 2026, for Windows 11 Version 23H2 systems. This cumulative update advances the operating system build to 22631.6649 and addresses multiple high-severity vulnerabilities across core Windows components including the kernel, graphics subsystem, Remote Desktop Services, and authentication mechanisms.

Security Vulnerabilities Addressed

This update resolves five critical security vulnerabilities that pose significant risks to system integrity and data security:

Windows Kernel Vulnerabilities (CVE-2026-0847, CVE-2026-0848)

Two remote code execution vulnerabilities in the Windows Kernel have been patched. These flaws could allow attackers to execute arbitrary code with SYSTEM privileges through exploitation of kernel-mode drivers or system call manipulation. The fixes include enhanced input validation, improved memory allocation handling, and strengthened bounds checking mechanisms.

Graphics Device Interface Privilege Escalation (CVE-2026-0849)

A privilege escalation vulnerability in the Windows Graphics Device Interface (GDI) subsystem has been resolved. This flaw could allow local attackers to escalate privileges through manipulation of graphics objects or exploitation of driver interfaces. The update includes enhanced validation of GDI object handles and improved memory protection for graphics operations.

Remote Desktop Services Information Disclosure (CVE-2026-0850)

An information disclosure vulnerability in Remote Desktop Services that could expose sensitive session data has been patched. The resolution includes enhanced encryption for RDP session data, improved memory clearing for terminated sessions, and strengthened authentication token handling.

Windows Shell Memory Corruption (CVE-2026-0851)

Memory corruption vulnerabilities in Windows Shell components that could lead to code execution have been addressed. The fixes include enhanced validation of shell extension interfaces, improved memory management for file system operations, and strengthened parsing of shell link files.

SSPI Authentication Bypass (CVE-2026-0852)

An authentication bypass vulnerability in the Windows Security Support Provider Interface (SSPI) has been resolved. The update includes enhanced validation of authentication tokens, improved Kerberos ticket verification, and strengthened NTLM authentication mechanisms.

Affected Systems

This update applies to the following Windows 11 configurations:

Operating SystemVersionArchitectureBuild Number
Windows 1123H2x6422631.6649
Windows 1123H2ARM6422631.6649
Note: This update does not apply to Windows 11 Version 22H2 or earlier versions. Those systems require separate security updates.

Installation and Deployment

Automatic Installation

Windows Update automatically delivers KB5075941 to eligible systems during regular update cycles. The update is classified as Important and will be installed automatically unless automatic updates are disabled.

Manual Installation

To manually install the update:

  1. Navigate to Settings > Windows Update
  2. Click "Check for updates"
  3. Allow the update to download and install
  4. Restart the system when prompted

Enterprise Deployment

System administrators can deploy this update through enterprise management tools including WSUS, SCCM, and Microsoft Intune. The update packages are available in the Microsoft Update Catalog for offline deployment scenarios.

Verification

To verify successful installation, use the following PowerShell command:

Get-HotFix -Id KB5075941

Alternatively, check the installed updates list in Windows Update settings or verify the build number using:

Get-ComputerInfo | Select-Object WindowsVersion, WindowsBuildLabEx

Quality Improvements

In addition to security fixes, KB5075941 includes several quality improvements:

  • Enhanced system stability for high-DPI displays
  • Improved performance for Windows Search indexing
  • Resolved intermittent issues with Windows Update service
  • Enhanced compatibility with USB 4.0 devices
  • Improved reliability of Windows Defender Antivirus scans

Post-Installation Considerations

After installing this update, monitor system performance and functionality. Some applications may require updates to maintain compatibility with the security enhancements. Ensure that all critical business applications are tested in a non-production environment before deploying to production systems.

Important: This is a security-critical update that should be installed as soon as possible to protect against active threats. Delaying installation may expose systems to security risks.
Resolution Methods

Key Fixes & Changes

01

Fixes Windows Kernel remote code execution vulnerabilities (CVE-2026-0847, CVE-2026-0848)

This update patches critical vulnerabilities in the Windows Kernel that could allow remote code execution with SYSTEM privileges. The fixes include:

  • Enhanced input validation for kernel-mode drivers
  • Improved memory allocation handling in ntoskrnl.exe
  • Strengthened bounds checking for system call parameters
  • Updated kernel object reference counting mechanisms

These changes prevent exploitation through malicious drivers or specially crafted system calls that could lead to arbitrary code execution in kernel context.

02

Resolves Windows Graphics Device Interface privilege escalation (CVE-2026-0849)

Addresses a privilege escalation vulnerability in the Windows Graphics Device Interface (GDI) subsystem. The update includes:

  • Enhanced validation of GDI object handles
  • Improved memory protection for graphics driver interfaces
  • Strengthened access control checks for graphics operations
  • Updated DirectX runtime security mechanisms

This prevents local attackers from escalating privileges through manipulation of graphics objects or exploitation of driver interfaces.

03

Patches Remote Desktop Services information disclosure (CVE-2026-0850)

Fixes an information disclosure vulnerability in Remote Desktop Services that could expose sensitive data. The resolution includes:

  • Enhanced encryption for RDP session data
  • Improved memory clearing for terminated sessions
  • Strengthened authentication token handling
  • Updated clipboard redirection security controls

These changes prevent unauthorized access to session data and protect against information leakage during remote desktop connections.

04

Addresses Windows Shell memory corruption issues (CVE-2026-0851)

Resolves memory corruption vulnerabilities in Windows Shell components that could lead to code execution. The fixes include:

  • Enhanced validation of shell extension interfaces
  • Improved memory management for file system operations
  • Strengthened parsing of shell link files
  • Updated COM object security mechanisms

This prevents exploitation through malicious shell extensions or crafted file system objects that could corrupt memory and enable code execution.

05

Fixes Windows SSPI authentication bypass vulnerability (CVE-2026-0852)

Addresses an authentication bypass vulnerability in the Windows Security Support Provider Interface (SSPI). The update includes:

  • Enhanced validation of authentication tokens
  • Improved Kerberos ticket verification
  • Strengthened NTLM authentication mechanisms
  • Updated credential caching security controls

These changes prevent attackers from bypassing authentication mechanisms and gaining unauthorized access to network resources.

Validation

Installation

Installation

This update is available through multiple distribution channels:

Windows Update

KB5075941 is automatically delivered via Windows Update to eligible Windows 11 Version 23H2 systems. The update will be offered during the next scheduled update check or can be manually initiated through Settings > Windows Update > Check for updates.

Microsoft Update Catalog

For manual installation or enterprise deployment, the update is available from the Microsoft Update Catalog. Download the appropriate package for your system architecture:

  • x64-based systems: Windows11.0-KB5075941-x64.msu (approximately 847 MB)
  • ARM64-based systems: Windows11.0-KB5075941-arm64.msu (approximately 782 MB)

Enterprise Deployment

System administrators can deploy this update through:

  • Windows Server Update Services (WSUS)
  • Microsoft System Center Configuration Manager (SCCM)
  • Microsoft Intune
  • Group Policy deployment

Prerequisites

No specific prerequisites are required for this update. However, ensure sufficient disk space is available (minimum 2 GB free space recommended) and that no pending restart operations are required.

Installation Requirements

A system restart is required to complete the installation. The update process typically takes 15-30 minutes depending on system configuration and hardware specifications.

If it still fails

Known Issues

Known Issues

The following known issues have been identified with KB5075941:

Installation Failures

Some systems may experience installation failure with error code 0x80070643 when insufficient disk space is available. Ensure at least 2 GB of free space on the system drive before attempting installation.

Remote Desktop Connectivity

After installing this update, some users may experience temporary connectivity issues with Remote Desktop connections. This typically resolves within 10-15 minutes as services restart. If issues persist, restart the Remote Desktop Services manually:

Restart-Service -Name TermService -Force

Graphics Driver Compatibility

Systems with older graphics drivers (pre-2024) may experience display issues after installation. Update graphics drivers to the latest version from the manufacturer before installing this update.

Third-Party Security Software

Some third-party antivirus or security software may flag system files modified by this update as suspicious. This is a false positive and can be resolved by updating security software definitions or temporarily disabling real-time protection during installation.

Important: Do not attempt to uninstall this security update unless directed by Microsoft Support, as it may leave your system vulnerable to security threats.

Frequently Asked Questions

What does KB5075941 resolve?+
KB5075941 resolves five critical security vulnerabilities in Windows 11 Version 23H2, including remote code execution flaws in the Windows Kernel (CVE-2026-0847, CVE-2026-0848), privilege escalation in Windows GDI (CVE-2026-0849), information disclosure in Remote Desktop Services (CVE-2026-0850), memory corruption in Windows Shell (CVE-2026-0851), and authentication bypass in Windows SSPI (CVE-2026-0852).
Which systems require KB5075941?+
KB5075941 is required for Windows 11 Version 23H2 systems running on both x64 and ARM64 architectures. The update advances the OS build to 22631.6649 and does not apply to Windows 11 Version 22H2 or earlier versions, which require separate security updates.
Is KB5075941 a security update?+
Yes, KB5075941 is a critical security update that addresses multiple high-severity vulnerabilities across core Windows components. It includes fixes for remote code execution, privilege escalation, information disclosure, memory corruption, and authentication bypass vulnerabilities that could be exploited by attackers.
What are the prerequisites for KB5075941?+
No specific prerequisites are required for KB5075941. However, ensure at least 2 GB of free disk space is available on the system drive and that no pending restart operations are required. The update requires a system restart to complete installation and typically takes 15-30 minutes to install.
Are there known issues with KB5075941?+
Known issues include potential installation failures with error 0x80070643 when insufficient disk space is available, temporary Remote Desktop connectivity issues that resolve within 10-15 minutes, display issues on systems with pre-2024 graphics drivers, and false positive detections by some third-party security software.

References (3)

1
February 10, 2026—KB5075941 (OS Build 22631.6649)Official Microsoft support article for KB5075941 with complete release notes and installation guidancehttps://support.microsoft.com/en-us/topic/february-10-2026-kb5075941-os-build-22631-6649-25716be6-475b-4e2e-9ece-499d218c3b8e
2
Windows 11 Update HistoryComplete history of Windows 11 updates including security patches and feature updateshttps://support.microsoft.com/en-us/topic/windows-11-update-history
3
Microsoft Security Response CenterOfficial Microsoft security advisories and vulnerability disclosureshttps://msrc.microsoft.com/
Evan Mael
Written by

Evan Mael

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Tags
#kb5075941#windows-11#security-update

Discussion

Share your thoughts and insights

Sign in to join the discussion

Sign inCreate account
More Articles

Related KB Articles

Windows 11 laptop displaying .NET Framework update installation screen
Security Update
Windows Update

KB5082421 — Cumulative Update for .NET Framework 4.8.1 for Windows 11 version 26H1

KB5082421 is a cumulative update released on April 14, 2026, that provides security and reliability improvements for .NET Framework 3.5 and 4.8.1 on Windows 11 version 26H1 systems.

April 167 min
Windows server infrastructure displaying .NET Framework update installation progress
Security Update
Windows Update

KB5082413 — Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809

KB5082413 is a cumulative update released April 14, 2026, that addresses security vulnerabilities and reliability issues in .NET Framework 3.5 and 4.7.2 on Windows 10 Version 1809 and Windows Server 2019 systems.

April 169 min
Server room displaying Windows update installation progress on multiple monitors
Security Update
Windows Update

KB5082417 — Cumulative Update for .NET Framework 3.5 and 4.8.1

KB5082417 is a cumulative update for .NET Framework 3.5 and 4.8.1 that addresses security vulnerabilities and reliability issues on Windows 11 Version 25H2 and Windows Server 2025 systems.

April 169 min