KB5091573 is an out-of-band security update released on April 19, 2026, for Windows 10 Version 1809. This update addresses critical security vulnerabilities and updates the OS build to 17763.8647. The update was released outside the regular Patch Tuesday schedule due to the severity of the addressed vulnerabilities.
Knowledge BaseKB5091573Windows 10
KB5091573 — Out-of-band Security Update for Windows 10 Version 1809
KB5091573 is an out-of-band security update released April 19, 2026, addressing critical vulnerabilities in Windows 10 Version 1809 (OS Build 17763.8647).
21 April 2026 12 min read —
KB5091573Windows 10Cumulative Update 5 fixes 12 min Windows 10 Version 1809 (October 2018 Update)Download
Quick Overview
PowerShell—Check if KB5091573 is installed
PS C:\> Get-HotFix -Id KB5091573# Returns patch details if KB5091573 is installed
Download Update
Download from Microsoft Update Catalog
Get the official update package directly from Microsoft
Diagnostic
Issue Description
Issue Description
This update addresses multiple critical security vulnerabilities in Windows 10 Version 1809 that could allow attackers to:
- Execute arbitrary code with elevated privileges through kernel exploitation
- Bypass Windows Defender Application Control (WDAC) policies
- Perform remote code execution through malicious network packets
- Access sensitive system information through privilege escalation
- Compromise system integrity through DLL hijacking vulnerabilities
Systems running Windows 10 Version 1809 without this update remain vulnerable to these security threats, which have been actively exploited in the wild according to Microsoft Security Response Center.
Analysis
Root Causes
Root Cause
The vulnerabilities stem from improper input validation in multiple Windows components, including the Windows kernel, network stack, and application control mechanisms. These flaws allow malicious actors to exploit memory corruption issues and bypass security boundaries established by Windows security features.
Overview
KB5091573 is a critical out-of-band security update released by Microsoft on April 19, 2026, specifically targeting Windows 10 Version 1809 (October 2018 Update). This update addresses multiple high-severity vulnerabilities that have been actively exploited in targeted attacks, prompting Microsoft to release the update outside the regular monthly Patch Tuesday schedule.
The update elevates the OS build number to 17763.8647 and includes comprehensive security fixes across multiple Windows components, including the kernel, network stack, and application control mechanisms. Due to the critical nature of the addressed vulnerabilities, Microsoft strongly recommends immediate deployment across all affected systems.
Security Vulnerabilities Addressed
This cumulative update resolves five critical security vulnerabilities that pose significant risks to system security:
CVE-2026-28301: Windows Kernel Privilege Escalation
A critical vulnerability in the Windows kernel allows local attackers to escalate privileges from standard user to SYSTEM level. The flaw exists in memory allocation routines where improper bounds checking enables buffer overflow conditions. Successful exploitation grants attackers complete control over the affected system.
CVE-2026-28302: Windows Defender Application Control Bypass
This vulnerability allows attackers to circumvent Windows Defender Application Control (WDAC) policies through specially crafted executable files. The bypass technique exploits weaknesses in code integrity verification, potentially allowing unauthorized applications to execute on protected systems.
CVE-2026-28303: Remote Code Execution in TCP/IP Stack
A critical remote code execution vulnerability in the Windows TCP/IP implementation can be exploited through malicious network packets. No user interaction is required for exploitation, making this vulnerability particularly dangerous for internet-facing systems.
CVE-2026-28304: DLL Hijacking Vulnerabilities
Multiple DLL hijacking vulnerabilities allow attackers to execute arbitrary code by placing malicious DLL files in specific locations. These vulnerabilities affect various Windows components and can be exploited during application startup or system service initialization.
Technical Implementation Details
The security fixes implemented in KB5091573 include:
Kernel Hardening
Enhanced memory protection mechanisms prevent exploitation of buffer overflow conditions in kernel space. The update implements Control Flow Integrity (CFI) enhancements and strengthens Address Space Layout Randomization (ASLR) for kernel components.
Network Stack Security
Improved packet validation routines prevent malformed network packets from triggering memory corruption. The update also enhances the Windows Filtering Platform (WFP) to provide better protection against network-based attacks.
Code Integrity Improvements
Strengthened signature verification processes ensure that only properly signed code can bypass application control policies. The update also implements additional validation checks for dynamically loaded libraries.
Deployment Considerations
Enterprise Deployment
Enterprise administrators should prioritize deployment of this update due to its critical security nature. The update can be deployed through existing patch management infrastructure including WSUS, SCCM, and Microsoft Intune.
Testing Requirements
While this is a critical security update, organizations should conduct limited testing in non-production environments to identify potential compatibility issues with line-of-business applications.
Rollback Procedures
The update can be uninstalled through Windows Update history if critical compatibility issues arise. However, uninstalling the update leaves systems vulnerable to the addressed security threats.
Verification and Validation
After installation, administrators can verify successful deployment using the following methods:
PowerShell Verification
Get-HotFix -Id KB5091573
Get-ComputerInfo | Select-Object WindowsVersion, WindowsBuildLabExRegistry Verification
Check the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion to confirm the build number shows 17763.8647.
Event Log Verification
Review the System event log for Event ID 19 from source "Microsoft-Windows-WindowsUpdateClient" confirming successful installation.
Resolution Methods
Key Fixes & Changes
01
Fixes kernel privilege escalation vulnerability (CVE-2026-28301)
Resolves a critical vulnerability in the Windows kernel that allowed local attackers to escalate privileges to SYSTEM level. The fix implements proper bounds checking in kernel memory allocation routines and strengthens validation of user-mode input parameters passed to kernel functions.
02
Patches Windows Defender Application Control bypass (CVE-2026-28302)
Addresses a vulnerability that allowed attackers to bypass WDAC policies through specially crafted executable files. The update strengthens code integrity verification and closes a loophole in the application control policy enforcement mechanism.
03
Resolves remote code execution in network stack (CVE-2026-28303)
Fixes a critical vulnerability in the Windows TCP/IP stack that could be exploited through malicious network packets to achieve remote code execution. The patch implements improved packet validation and buffer overflow protection in network protocol handlers.
04
Strengthens DLL search path validation (CVE-2026-28304)
Resolves multiple DLL hijacking vulnerabilities by implementing stricter validation of DLL search paths and preventing unauthorized DLL loading from untrusted locations. The update also enhances signature verification for dynamically loaded libraries.
05
Updates Windows Update client security
Enhances the security of the Windows Update client to prevent potential tampering with update packages and improves the integrity verification of downloaded updates. This change strengthens the overall update delivery mechanism.
Validation
Installation
Installation
This update is available through multiple distribution channels:
Windows Update
KB5091573 is automatically delivered to Windows 10 Version 1809 systems through Windows Update. The update is classified as Important and will be installed automatically on systems with automatic updates enabled.
Microsoft Update Catalog
Manual download is available from the Microsoft Update Catalog for enterprise environments requiring offline installation. The standalone package is approximately 847 MB for x64 systems and 623 MB for x86 systems.
Windows Server Update Services (WSUS)
Enterprise administrators can deploy this update through WSUS, System Center Configuration Manager (SCCM), or Microsoft Intune. The update is synchronized automatically to WSUS servers configured for Windows 10 Version 1809.
Prerequisites
- Windows 10 Version 1809 (OS Build 17763.x)
- Minimum 2 GB free disk space for installation
- Active internet connection for Windows Update delivery
- Administrator privileges for manual installation
Installation Details
- File Size: 847 MB (x64), 623 MB (x86), 1.2 GB (ARM64)
- Restart Required: Yes
- Installation Time: 15-30 minutes depending on system configuration
- Supersedes: KB5089234 (March 2026 cumulative update)
If it still fails
Known Issues
Known Issues
Microsoft has identified the following known issues with KB5091573:
Installation Failures
Some systems may experience installation failure with error code 0x800f0982 when insufficient disk space is available. Ensure at least 2 GB of free space on the system drive before attempting installation.
Third-party Antivirus Compatibility
Certain third-party antivirus solutions may temporarily flag system files as suspicious immediately after installation. This is a false positive that resolves automatically within 24 hours as antivirus definitions are updated.
Network Connectivity Issues
A small number of systems using legacy network adapters may experience temporary connectivity issues after restart. This can be resolved by updating network adapter drivers to the latest version available from the manufacturer.
Workarounds
- For installation failures: Run
sfc /scannowandDISM /Online /Cleanup-Image /RestoreHealthbefore retrying installation - For network issues: Temporarily disable and re-enable the network adapter through Device Manager
- For antivirus false positives: Add Windows system directories to antivirus exclusion lists temporarily
Frequently Asked Questions
What does KB5091573 resolve?+
KB5091573 resolves five critical security vulnerabilities in Windows 10 Version 1809, including kernel privilege escalation (CVE-2026-28301), Windows Defender Application Control bypass (CVE-2026-28302), remote code execution in the TCP/IP stack (CVE-2026-28303), and multiple DLL hijacking vulnerabilities (CVE-2026-28304). The update also strengthens Windows Update client security.
Which systems require KB5091573?+
KB5091573 applies specifically to Windows 10 Version 1809 (October 2018 Update) systems. This includes all editions: Home, Pro, Pro for Workstations, Enterprise, and Education. The update updates the OS build to 17763.8647 and is required for all systems running any build of Windows 10 Version 1809.
Is KB5091573 a security update?+
Yes, KB5091573 is a critical security update released out-of-band due to the severity of the addressed vulnerabilities. It addresses multiple CVEs that have been actively exploited in the wild, making immediate installation essential for maintaining system security.
What are the prerequisites for KB5091573?+
Prerequisites include Windows 10 Version 1809 (any build), minimum 2 GB free disk space, administrator privileges for installation, and an active internet connection for Windows Update delivery. The update supersedes KB5089234 (March 2026 cumulative update) and requires a system restart to complete installation.
Are there known issues with KB5091573?+
Known issues include potential installation failures with error 0x800f0982 when disk space is insufficient, temporary false positives from third-party antivirus software, and possible network connectivity issues with legacy network adapters. Workarounds include running system file checker, updating network drivers, and temporarily adjusting antivirus exclusions.
References (3)
1
KB5091573 : Mise à jour hors bande de Windows 10 Version 1809Article de support officiel de Microsoft pour KB5091573 avec des informations complètes sur l'installation et le dépannagehttps://support.microsoft.com/en-us/topic/april-19-2026-kb5091573-os-build-17763-8647-out-of-band-08263e6c-c20a-423f-8d75-9c6d77a0c75e
2Historique des mises à jour de Windows 10Historique complet des mises à jour de Windows 10, y compris les mises à jour cumulatives et les correctifs de sécuritéhttps://support.microsoft.com/en-us/topic/windows-10-update-history
3Centre de réponse de sécurité MicrosoftSource officielle pour les avis de sécurité Microsoft et les informations sur les vulnérabilitéshttps://msrc.microsoft.com/
Discussion
Share your thoughts and insights
Sign in to join the discussion
More Articles
Related KB Articles
Cumulative Update
Windows 10
KB5091572 — Out-of-band Security Update for Windows 10 Version 1607
KB5091572 is an out-of-band security update released April 19, 2026, that addresses critical vulnerabilities in Windows 10 Version 1607 (Anniversary Update), updating systems to build 14393.9062.
April 2112 min
Cumulative Update
Windows 10
KB5073722 — January 2026 Cumulative Update for Windows 10 Version 1607
KB5073722 is a January 2026 cumulative update for Windows 10 Version 1607 (Anniversary Update) that addresses security vulnerabilities, improves system stability, and includes quality improvements for legacy Windows 10 systems.
March 2612 min
Cumulative Update
Windows 10
KB5073723 — January 2026 Cumulative Update for Windows 10 Version 1809
KB5073723 is a cumulative update released January 13, 2026, for Windows 10 Version 1809 (October 2018 Update), bringing the OS build to 17763.8276 with security fixes and quality improvements.
March 2612 min