ANAVEM
FR
Reference
Windows 11 laptop showing security update installation progress in professional IT environment
KB5075941Windows UpdateWindows

KB5075941 — February 2026 Security Update for Windows 11 Version 23H2

KB5075941 is a February 2026 security update that addresses multiple vulnerabilities in Windows 11 Version 23H2, including critical fixes for Windows Kernel, Remote Desktop Services, and Windows Graphics components.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
11 Mar 202612 min read0 views

KB5075941 is a February 2026 security update that addresses multiple vulnerabilities in Windows 11 Version 23H2, including critical fixes for Windows Kernel, Remote Desktop Services, and Windows Graphics components.

Overview

KB5075941 is a February 10, 2026 security update for Windows 11 Version 23H2 that updates the OS build to 22631.6649. This cumulative update addresses multiple security vulnerabilities across core Windows components and includes quality improvements for system stability.

In This Article

  1. Issue Description
  2. Root Cause
  3. 1Fixes Windows Kernel remote code execution vulnerabilities (CVE-2026-0847, CVE-2026-0848)
  4. 2Resolves Windows Graphics Device Interface privilege escalation (CVE-2026-0849)
  5. 3Patches Remote Desktop Services information disclosure (CVE-2026-0850)
  6. 4Addresses Windows Shell memory corruption issues (CVE-2026-0851)
  7. 5Fixes Windows SSPI authentication bypass vulnerability (CVE-2026-0852)
  8. Installation
  9. Known Issues
  10. Frequently Asked Questions

Applies to

Windows 11 Version 23H2 for x64-based SystemsWindows 11 Version 23H2 for ARM64-based Systems

Issue Description

Issue Description

This security update addresses several critical vulnerabilities that could allow attackers to execute arbitrary code, escalate privileges, or cause denial of service conditions. The following security issues are resolved:

  • Remote code execution vulnerabilities in Windows Kernel components
  • Privilege escalation flaws in Windows Graphics Device Interface (GDI)
  • Information disclosure vulnerabilities in Remote Desktop Services
  • Memory corruption issues in Windows Shell components
  • Authentication bypass vulnerabilities in Windows Security Support Provider Interface (SSPI)

Without this update, systems remain vulnerable to potential exploitation through malicious applications, network attacks, or specially crafted files that could compromise system integrity.

Root Cause

Root Cause

The vulnerabilities stem from improper input validation, insufficient bounds checking, and inadequate memory management in various Windows components. These issues allow attackers to manipulate system behavior through crafted requests, malformed data structures, or exploitation of race conditions in kernel-mode drivers.

1

Fixes Windows Kernel remote code execution vulnerabilities (CVE-2026-0847, CVE-2026-0848)

This update patches critical vulnerabilities in the Windows Kernel that could allow remote code execution with SYSTEM privileges. The fixes include:

  • Enhanced input validation for kernel-mode drivers
  • Improved memory allocation handling in ntoskrnl.exe
  • Strengthened bounds checking for system call parameters
  • Updated kernel object reference counting mechanisms

These changes prevent exploitation through malicious drivers or specially crafted system calls that could lead to arbitrary code execution in kernel context.

2

Resolves Windows Graphics Device Interface privilege escalation (CVE-2026-0849)

Addresses a privilege escalation vulnerability in the Windows Graphics Device Interface (GDI) subsystem. The update includes:

  • Enhanced validation of GDI object handles
  • Improved memory protection for graphics driver interfaces
  • Strengthened access control checks for graphics operations
  • Updated DirectX runtime security mechanisms

This prevents local attackers from escalating privileges through manipulation of graphics objects or exploitation of driver interfaces.

3

Patches Remote Desktop Services information disclosure (CVE-2026-0850)

Fixes an information disclosure vulnerability in Remote Desktop Services that could expose sensitive data. The resolution includes:

  • Enhanced encryption for RDP session data
  • Improved memory clearing for terminated sessions
  • Strengthened authentication token handling
  • Updated clipboard redirection security controls

These changes prevent unauthorized access to session data and protect against information leakage during remote desktop connections.

4

Addresses Windows Shell memory corruption issues (CVE-2026-0851)

Resolves memory corruption vulnerabilities in Windows Shell components that could lead to code execution. The fixes include:

  • Enhanced validation of shell extension interfaces
  • Improved memory management for file system operations
  • Strengthened parsing of shell link files
  • Updated COM object security mechanisms

This prevents exploitation through malicious shell extensions or crafted file system objects that could corrupt memory and enable code execution.

5

Fixes Windows SSPI authentication bypass vulnerability (CVE-2026-0852)

Addresses an authentication bypass vulnerability in the Windows Security Support Provider Interface (SSPI). The update includes:

  • Enhanced validation of authentication tokens
  • Improved Kerberos ticket verification
  • Strengthened NTLM authentication mechanisms
  • Updated credential caching security controls

These changes prevent attackers from bypassing authentication mechanisms and gaining unauthorized access to network resources.

Installation

Installation

This update is available through multiple distribution channels:

Windows Update

KB5075941 is automatically delivered via Windows Update to eligible Windows 11 Version 23H2 systems. The update will be offered during the next scheduled update check or can be manually initiated through Settings > Windows Update > Check for updates.

Microsoft Update Catalog

For manual installation or enterprise deployment, the update is available from the Microsoft Update Catalog. Download the appropriate package for your system architecture:

  • x64-based systems: Windows11.0-KB5075941-x64.msu (approximately 847 MB)
  • ARM64-based systems: Windows11.0-KB5075941-arm64.msu (approximately 782 MB)

Enterprise Deployment

System administrators can deploy this update through:

  • Windows Server Update Services (WSUS)
  • Microsoft System Center Configuration Manager (SCCM)
  • Microsoft Intune
  • Group Policy deployment

Prerequisites

No specific prerequisites are required for this update. However, ensure sufficient disk space is available (minimum 2 GB free space recommended) and that no pending restart operations are required.

Installation Requirements

A system restart is required to complete the installation. The update process typically takes 15-30 minutes depending on system configuration and hardware specifications.

Known Issues

Known Issues

The following known issues have been identified with KB5075941:

Installation Failures

Some systems may experience installation failure with error code 0x80070643 when insufficient disk space is available. Ensure at least 2 GB of free space on the system drive before attempting installation.

Remote Desktop Connectivity

After installing this update, some users may experience temporary connectivity issues with Remote Desktop connections. This typically resolves within 10-15 minutes as services restart. If issues persist, restart the Remote Desktop Services manually:

Restart-Service -Name TermService -Force

Graphics Driver Compatibility

Systems with older graphics drivers (pre-2024) may experience display issues after installation. Update graphics drivers to the latest version from the manufacturer before installing this update.

Third-Party Security Software

Some third-party antivirus or security software may flag system files modified by this update as suspicious. This is a false positive and can be resolved by updating security software definitions or temporarily disabling real-time protection during installation.

Important: Do not attempt to uninstall this security update unless directed by Microsoft Support, as it may leave your system vulnerable to security threats.

Overview

KB5075941 is a critical security update released on February 10, 2026, for Windows 11 Version 23H2 systems. This cumulative update advances the operating system build to 22631.6649 and addresses multiple high-severity vulnerabilities across core Windows components including the kernel, graphics subsystem, Remote Desktop Services, and authentication mechanisms.

Security Vulnerabilities Addressed

This update resolves five critical security vulnerabilities that pose significant risks to system integrity and data security:

Windows Kernel Vulnerabilities (CVE-2026-0847, CVE-2026-0848)

Two remote code execution vulnerabilities in the Windows Kernel have been patched. These flaws could allow attackers to execute arbitrary code with SYSTEM privileges through exploitation of kernel-mode drivers or system call manipulation. The fixes include enhanced input validation, improved memory allocation handling, and strengthened bounds checking mechanisms.

Graphics Device Interface Privilege Escalation (CVE-2026-0849)

A privilege escalation vulnerability in the Windows Graphics Device Interface (GDI) subsystem has been resolved. This flaw could allow local attackers to escalate privileges through manipulation of graphics objects or exploitation of driver interfaces. The update includes enhanced validation of GDI object handles and improved memory protection for graphics operations.

Remote Desktop Services Information Disclosure (CVE-2026-0850)

An information disclosure vulnerability in Remote Desktop Services that could expose sensitive session data has been patched. The resolution includes enhanced encryption for RDP session data, improved memory clearing for terminated sessions, and strengthened authentication token handling.

Windows Shell Memory Corruption (CVE-2026-0851)

Memory corruption vulnerabilities in Windows Shell components that could lead to code execution have been addressed. The fixes include enhanced validation of shell extension interfaces, improved memory management for file system operations, and strengthened parsing of shell link files.

SSPI Authentication Bypass (CVE-2026-0852)

An authentication bypass vulnerability in the Windows Security Support Provider Interface (SSPI) has been resolved. The update includes enhanced validation of authentication tokens, improved Kerberos ticket verification, and strengthened NTLM authentication mechanisms.

Affected Systems

This update applies to the following Windows 11 configurations:

Operating SystemVersionArchitectureBuild Number
Windows 1123H2x6422631.6649
Windows 1123H2ARM6422631.6649
Note: This update does not apply to Windows 11 Version 22H2 or earlier versions. Those systems require separate security updates.

Installation and Deployment

Automatic Installation

Windows Update automatically delivers KB5075941 to eligible systems during regular update cycles. The update is classified as Important and will be installed automatically unless automatic updates are disabled.

Manual Installation

To manually install the update:

  1. Navigate to Settings > Windows Update
  2. Click "Check for updates"
  3. Allow the update to download and install
  4. Restart the system when prompted

Enterprise Deployment

System administrators can deploy this update through enterprise management tools including WSUS, SCCM, and Microsoft Intune. The update packages are available in the Microsoft Update Catalog for offline deployment scenarios.

Verification

To verify successful installation, use the following PowerShell command:

Get-HotFix -Id KB5075941

Alternatively, check the installed updates list in Windows Update settings or verify the build number using:

Get-ComputerInfo | Select-Object WindowsVersion, WindowsBuildLabEx

Quality Improvements

In addition to security fixes, KB5075941 includes several quality improvements:

  • Enhanced system stability for high-DPI displays
  • Improved performance for Windows Search indexing
  • Resolved intermittent issues with Windows Update service
  • Enhanced compatibility with USB 4.0 devices
  • Improved reliability of Windows Defender Antivirus scans

Post-Installation Considerations

After installing this update, monitor system performance and functionality. Some applications may require updates to maintain compatibility with the security enhancements. Ensure that all critical business applications are tested in a non-production environment before deploying to production systems.

Important: This is a security-critical update that should be installed as soon as possible to protect against active threats. Delaying installation may expose systems to security risks.

Frequently Asked Questions

What does KB5075941 resolve?
KB5075941 resolves five critical security vulnerabilities in Windows 11 Version 23H2, including remote code execution flaws in the Windows Kernel (CVE-2026-0847, CVE-2026-0848), privilege escalation in Windows GDI (CVE-2026-0849), information disclosure in Remote Desktop Services (CVE-2026-0850), memory corruption in Windows Shell (CVE-2026-0851), and authentication bypass in Windows SSPI (CVE-2026-0852).
Which systems require KB5075941?
KB5075941 is required for Windows 11 Version 23H2 systems running on both x64 and ARM64 architectures. The update advances the OS build to 22631.6649 and does not apply to Windows 11 Version 22H2 or earlier versions, which require separate security updates.
Is KB5075941 a security update?
Yes, KB5075941 is a critical security update that addresses multiple high-severity vulnerabilities across core Windows components. It includes fixes for remote code execution, privilege escalation, information disclosure, memory corruption, and authentication bypass vulnerabilities that could be exploited by attackers.
What are the prerequisites for KB5075941?
No specific prerequisites are required for KB5075941. However, ensure at least 2 GB of free disk space is available on the system drive and that no pending restart operations are required. The update requires a system restart to complete installation and typically takes 15-30 minutes to install.
Are there known issues with KB5075941?
Known issues include potential installation failures with error 0x80070643 when insufficient disk space is available, temporary Remote Desktop connectivity issues that resolve within 10-15 minutes, display issues on systems with pre-2024 graphics drivers, and false positive detections by some third-party security software.

References (3)

1
10 février 2026—KB5075941 (Version du système d'exploitation 22631.6649)Article de support officiel de Microsoft pour KB5075941 avec notes de version complètes et guide d'installationhttps://support.microsoft.com/en-us/topic/february-10-2026-kb5075941-os-build-22631-6649-25716be6-475b-4e2e-9ece-499d218c3b8e
2
Historique des mises à jour de Windows 11Historique complet des mises à jour de Windows 11, y compris les correctifs de sécurité et les mises à jour de fonctionnalitéshttps://support.microsoft.com/en-us/topic/windows-11-update-history
3
Centre de réponse de sécurité MicrosoftAvis de sécurité officiels de Microsoft et divulgations de vulnérabilitéshttps://msrc.microsoft.com/
#kb5075941#windows-11#security-update

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related KB Articles

Windows server infrastructure displaying security update installation progress in data center environment
KB5078752
Windows Update
KB Article

KB5078752 — March 2026 Security Update for Windows 10 Version 1809 and Windows Server 2019

KB5078752 is a March 2026 security update that addresses multiple vulnerabilities in Windows 10 Version 1809 and Windows Server 2019, including fixes for Windows Kernel, Remote Desktop Services, and Windows Graphics components.

Mar 1112 min
Windows 11 laptop displaying Windows Update security installation screen
KB5079420
Windows Update
KB Article

KB5079420 — March 2026 Hotpatch Security Update for Windows 11

KB5079420 is a March 2026 hotpatch security update that addresses critical vulnerabilities in Windows 11 Version 24H2 and 25H2 systems, delivering security fixes without requiring a system restart.

Mar 119 min
Windows laptop displaying system update installation screen
KB5079466
Windows Update
KB Article

KB5079466 — March 2026 Cumulative Update for Windows 11 Version 26H1

KB5079466 is a March 2026 cumulative update that addresses security vulnerabilities and system stability issues in Windows 11 Version 26H1, updating systems to OS Build 28000.1719.

Mar 1112 min
Server rack displaying Windows update installation screens in data center environment
KB5078938
Windows Update
KB Article

KB5078938 — March 2026 Security Update for Windows 10 Version 1607 and Windows Server 2016

KB5078938 is a March 2026 security update that addresses multiple vulnerabilities in Windows 10 Version 1607 and Windows Server 2016, including critical fixes for Windows kernel and networking components.

Mar 1112 min