ANAVEM
FR
Reference
Windows 11 laptop displaying Windows Update security installation screen
KB5079420Windows UpdateWindows

KB5079420 — March 2026 Hotpatch Security Update for Windows 11

KB5079420 is a March 2026 hotpatch security update that addresses critical vulnerabilities in Windows 11 Version 24H2 and 25H2 systems, delivering security fixes without requiring a system restart.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
11 Mar 20269 min read0 views

KB5079420 is a March 2026 hotpatch security update that addresses critical vulnerabilities in Windows 11 Version 24H2 and 25H2 systems, delivering security fixes without requiring a system restart.

Overview

KB5079420 is a March 10, 2026 hotpatch security update for Windows 11 systems. This update addresses multiple security vulnerabilities and delivers critical fixes to Build 26200.7979 and Build 26100.7979 without requiring system restart through Microsoft's hotpatch technology.

In This Article

  1. Issue Description
  2. Root Cause
  3. 1Patches kernel-mode driver elevation of privilege vulnerability
  4. 2Resolves remote code execution vulnerability in Windows networking stack
  5. 3Fixes information disclosure vulnerability in Windows graphics subsystem
  6. 4Strengthens Windows authentication security mechanisms
  7. 5Resolves memory corruption issues in Windows core components
  8. Installation
  9. Known Issues
  10. Frequently Asked Questions

Applies to

Windows 11 Version 25H2 for ARM64-based SystemsWindows 11 Version 25H2 for x64-based SystemsWindows 11 Version 24H2 for ARM64-based SystemsWindows 11 Version 24H2 for x64-based Systems

Issue Description

Issue Description

This hotpatch update addresses several security vulnerabilities identified in Windows 11 systems that could potentially allow:

  • Elevation of privilege attacks through kernel-mode drivers
  • Remote code execution vulnerabilities in Windows networking components
  • Information disclosure through Windows graphics subsystem
  • Security bypass in Windows authentication mechanisms
  • Memory corruption issues in Windows core components

Systems affected by these vulnerabilities may experience unexpected behavior, security warnings, or potential exploitation attempts from malicious actors targeting unpatched systems.

Root Cause

Root Cause

The vulnerabilities addressed by KB5079420 stem from insufficient input validation in multiple Windows subsystems, improper memory management in kernel-mode components, and inadequate security checks in authentication and networking modules. These issues were identified through Microsoft's security research and responsible disclosure from security researchers.

1

Patches kernel-mode driver elevation of privilege vulnerability

This fix addresses a critical vulnerability in Windows kernel-mode drivers that could allow local attackers to gain elevated privileges. The update implements enhanced validation checks for driver operations and strengthens memory protection mechanisms in kernel space. This patch affects the Windows kernel subsystem and driver framework components.

2

Resolves remote code execution vulnerability in Windows networking stack

The update patches a remote code execution vulnerability in the Windows networking subsystem that could be exploited through specially crafted network packets. Enhanced input validation and buffer overflow protections have been implemented in the TCP/IP stack and related networking components to prevent exploitation.

3

Fixes information disclosure vulnerability in Windows graphics subsystem

This fix addresses an information disclosure vulnerability in the Windows graphics processing components that could allow unauthorized access to sensitive memory contents. The update implements proper memory initialization and access controls in graphics driver interfaces and DirectX components.

4

Strengthens Windows authentication security mechanisms

The hotpatch includes security enhancements to Windows authentication protocols, addressing potential bypass vulnerabilities in credential validation processes. Updated security checks and improved cryptographic implementations strengthen the overall authentication framework.

5

Resolves memory corruption issues in Windows core components

Multiple memory corruption vulnerabilities in Windows core system components have been addressed through improved memory management routines and enhanced bounds checking. These fixes prevent potential crashes and security exploits targeting memory handling vulnerabilities.

Installation

Installation

KB5079420 is delivered automatically through Windows Update as a hotpatch update. The update is available through the following channels:

Windows Update

The hotpatch is automatically delivered to eligible Windows 11 systems running Version 24H2 or 25H2. Systems must be configured to receive updates automatically and meet hotpatch eligibility requirements.

Microsoft Update Catalog

Manual download is available from the Microsoft Update Catalog for enterprise deployment scenarios. The update package size is approximately 45 MB for x64 systems and 38 MB for ARM64 systems.

Windows Server Update Services (WSUS)

Enterprise environments can deploy KB5079420 through WSUS infrastructure. The update is classified as a Critical security update and will be automatically approved based on WSUS configuration.

Microsoft Intune

Organizations using Microsoft Intune can deploy this hotpatch through the Windows Update for Business service or manual update deployment policies.

Note: This is a hotpatch update that does not require system restart. The update takes effect immediately upon installation.

Prerequisites

Systems must be running Windows 11 Version 24H2 (Build 26100) or Version 25H2 (Build 26200) to receive this hotpatch. No additional prerequisites are required.

Known Issues

Known Issues

Microsoft has identified the following known issues with KB5079420:

Hotpatch Installation Failures

Some systems may experience hotpatch installation failures with error code 0x80070643 if Windows Update services are not running properly. Restart the Windows Update service and retry installation.

Third-party Security Software Compatibility

Certain third-party antivirus and security software may temporarily flag hotpatch components during installation. This is expected behavior and does not indicate a security issue.

Windows Defender Application Guard

Systems with Windows Defender Application Guard enabled may experience temporary performance degradation during the first few hours after hotpatch installation while security policies are updated.

Important: If you experience system instability after installing this hotpatch, contact Microsoft Support for assistance. Do not attempt to manually uninstall hotpatch updates.

Workarounds

For systems experiencing installation issues:

  • Ensure Windows Update services are running: net start wuauserv
  • Clear Windows Update cache: net stop wuauserv && rd /s %windir%\SoftwareDistribution && net start wuauserv
  • Run Windows Update troubleshooter from Settings > Update & Security > Troubleshoot

Overview

KB5079420 is a critical security hotpatch update released on March 10, 2026, for Windows 11 systems. This update addresses multiple high-priority security vulnerabilities across various Windows subsystems and delivers fixes to Build 26200.7979 for Windows 11 Version 25H2 and Build 26100.7979 for Windows 11 Version 24H2. As a hotpatch update, KB5079420 applies security fixes without requiring system restart, minimizing disruption to business operations.

Security Vulnerabilities Addressed

This hotpatch update resolves several critical security vulnerabilities that could potentially compromise system security:

Kernel-Mode Driver Vulnerabilities

The update addresses elevation of privilege vulnerabilities in Windows kernel-mode drivers that could allow local attackers to gain administrative privileges. These vulnerabilities affect driver validation mechanisms and memory protection systems within the Windows kernel.

Network Stack Remote Code Execution

Critical remote code execution vulnerabilities in the Windows networking subsystem have been patched. These vulnerabilities could be exploited through specially crafted network packets to execute arbitrary code on target systems.

Graphics Subsystem Information Disclosure

Information disclosure vulnerabilities in Windows graphics processing components have been resolved. These issues could allow unauthorized access to sensitive memory contents through graphics driver interfaces.

Authentication Security Enhancements

The update strengthens Windows authentication mechanisms by addressing potential bypass vulnerabilities in credential validation processes and implementing enhanced cryptographic protections.

Affected Systems

KB5079420 applies to the following Windows 11 configurations:

Operating SystemVersionArchitectureBuild After Update
Windows 1125H2x64-based Systems26200.7979
Windows 1125H2ARM64-based Systems26200.7979
Windows 1124H2x64-based Systems26100.7979
Windows 1124H2ARM64-based Systems26100.7979

Hotpatch Technology

Microsoft's hotpatch technology enables the delivery of critical security updates without requiring system restarts. This technology works by:

  • Modifying running code in memory without affecting system stability
  • Applying security patches to active processes and system components
  • Maintaining system uptime while delivering critical security fixes
  • Reducing maintenance windows for enterprise environments
Note: Hotpatch updates are automatically applied and take effect immediately. No user intervention or system restart is required.

Installation and Deployment

Automatic Installation

Windows 11 systems configured for automatic updates will receive KB5079420 automatically through Windows Update. The hotpatch installation process is transparent to users and occurs in the background.

Enterprise Deployment

Enterprise environments can deploy this update through:

  • Windows Server Update Services (WSUS): Centralized deployment for domain-joined systems
  • Microsoft Intune: Cloud-based update management for modern workplace scenarios
  • Microsoft Update Catalog: Manual download for offline deployment
  • System Center Configuration Manager: Traditional enterprise update deployment

Verification Commands

To verify successful installation of KB5079420, use the following PowerShell command:

Get-HotFix -Id KB5079420

To check the current OS build number:

[System.Environment]::OSVersion.Version

Security Impact and Recommendations

Organizations should prioritize the installation of KB5079420 due to the critical nature of the security vulnerabilities addressed. The hotpatch delivery mechanism ensures minimal disruption while providing immediate security protection.

Risk Assessment

Systems not updated with KB5079420 remain vulnerable to:

  • Local privilege escalation attacks
  • Remote code execution through network exploitation
  • Information disclosure through graphics subsystem vulnerabilities
  • Authentication bypass attempts

Compliance Considerations

This update may be required for compliance with security frameworks such as:

  • NIST Cybersecurity Framework
  • ISO 27001 security standards
  • Industry-specific security requirements
  • Government security mandates

Support and Additional Resources

For technical support related to KB5079420, contact Microsoft Support through official channels. Enterprise customers with Premier or Unified Support contracts can access dedicated support resources for update deployment assistance.

Frequently Asked Questions

What does KB5079420 resolve?
KB5079420 is a hotpatch security update that addresses multiple critical vulnerabilities in Windows 11, including kernel-mode driver elevation of privilege, remote code execution in networking components, information disclosure in graphics subsystem, authentication security bypasses, and memory corruption issues in core Windows components.
Which systems require KB5079420?
KB5079420 applies to Windows 11 Version 24H2 and Version 25H2 systems on both x64 and ARM64 architectures. Systems must be running Build 26100 (24H2) or Build 26200 (25H2) to receive this hotpatch update.
Is KB5079420 a security update?
Yes, KB5079420 is classified as a Critical security hotpatch update. It addresses multiple high-priority security vulnerabilities that could potentially allow elevation of privilege, remote code execution, and information disclosure attacks.
What are the prerequisites for KB5079420?
The only prerequisite for KB5079420 is running Windows 11 Version 24H2 (Build 26100) or Version 25H2 (Build 26200). No additional updates or system modifications are required before installing this hotpatch.
Are there known issues with KB5079420?
Known issues include potential installation failures with error 0x80070643 if Windows Update services are not running properly, temporary compatibility warnings from third-party security software, and possible performance degradation on systems with Windows Defender Application Guard enabled during the first few hours after installation.

References (3)

1
10 mars 2026—Hotpatch KB5079420 (Versions du système d'exploitation 26200.7979 et 26100.7979)Article de support officiel de Microsoft pour la mise à jour hotpatch KB5079420https://support.microsoft.com/en-us/topic/march-10-2026-hotpatch-kb5079420-os-builds-26200-7979-and-26100-7979-752485e9-41c1-4628-ad1a-7538dba503e3
2
Windows Update : FAQQuestions fréquemment posées sur le processus de mise à jour de Windows et le dépannagehttps://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
3
Catalogue Microsoft UpdateCentre de téléchargement pour le déploiement manuel des mises à jour Windowshttps://www.catalog.update.microsoft.com/
#kb5079420#windows-11#security-hotpatch

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related KB Articles

Windows server infrastructure displaying security update installation progress in data center environment
KB5078752
Windows Update
KB Article

KB5078752 — March 2026 Security Update for Windows 10 Version 1809 and Windows Server 2019

KB5078752 is a March 2026 security update that addresses multiple vulnerabilities in Windows 10 Version 1809 and Windows Server 2019, including fixes for Windows Kernel, Remote Desktop Services, and Windows Graphics components.

Mar 1112 min
Windows laptop displaying system update installation screen
KB5079466
Windows Update
KB Article

KB5079466 — March 2026 Cumulative Update for Windows 11 Version 26H1

KB5079466 is a March 2026 cumulative update that addresses security vulnerabilities and system stability issues in Windows 11 Version 26H1, updating systems to OS Build 28000.1719.

Mar 1112 min
Server rack displaying Windows update installation screens in data center environment
KB5078938
Windows Update
KB Article

KB5078938 — March 2026 Security Update for Windows 10 Version 1607 and Windows Server 2016

KB5078938 is a March 2026 security update that addresses multiple vulnerabilities in Windows 10 Version 1607 and Windows Server 2016, including critical fixes for Windows kernel and networking components.

Mar 1112 min
Windows laptop displaying system update installation screen
KB5077181
Windows Update
KB Article

KB5077181 — February 2026 Cumulative Update for Windows 11

KB5077181 is a February 2026 cumulative update that delivers security fixes and quality improvements for Windows 11 Version 24H2 and 25H2, updating systems to builds 26100.7840 and 26200.7840 respectively.

Mar 1112 min