Microsoft Delivers KB5087544 Extended Security Update for Windows 10
Microsoft released the Windows 10 KB5087544 extended security update on May 12, 2026, addressing critical vulnerabilities identified during the May 2026 Patch Tuesday cycle. This update specifically targets Windows 10 systems enrolled in the Extended Security Updates program, which provides continued security patches for the operating system beyond its mainstream support lifecycle. The release comes as part of Microsoft's ongoing commitment to maintain security coverage for enterprise customers who haven't yet migrated to Windows 11.
The KB5087544 update addresses multiple security vulnerabilities that were disclosed during the May 2026 Patch Tuesday release cycle. These vulnerabilities span various Windows components, including the kernel, networking stack, and user interface elements. Microsoft's Security Response Center coordinated the disclosure and patching process, working with security researchers and government agencies to ensure comprehensive coverage of the identified security gaps.
Beyond the security fixes, KB5087544 resolves a specific issue affecting Remote Desktop Protocol connections. Users had reported unexpected warning dialogs appearing during RDP sessions, particularly when connecting to Windows 10 systems from newer Windows 11 clients. The warnings were related to certificate validation processes and were causing disruption in enterprise environments where Remote Desktop is heavily utilized for system administration and remote work scenarios.
The update deployment follows Microsoft's standard distribution model for Extended Security Updates, making it available through Windows Update, Windows Server Update Services, and Microsoft Update Catalog. Enterprise customers with volume licensing agreements can access the update through their existing deployment channels, while individual users must have purchased Extended Security Update licenses to receive the patch.
Windows 10 Extended Security Update Subscribers Targeted
The KB5087544 update specifically affects Windows 10 systems enrolled in Microsoft's Extended Security Updates program. This includes Windows 10 Enterprise, Education, and IoT Enterprise editions that have active ESU subscriptions. Organizations running Windows 10 version 1507 through the latest supported builds can install this update, provided they maintain valid Extended Security Update licensing agreements with Microsoft.
Enterprise environments heavily relying on Remote Desktop Protocol for system administration will particularly benefit from this update. The Remote Desktop warning issue had been affecting organizations where IT administrators connect to Windows 10 systems from Windows 11 management workstations. Manufacturing facilities, healthcare institutions, and financial services companies that maintain Windows 10 deployments for specialized applications or compliance requirements represent the primary affected user base.
Small and medium businesses that purchased Extended Security Update licenses to extend their Windows 10 deployments are also included in the affected scope. These organizations often maintain Windows 10 systems to support legacy applications or hardware that isn't compatible with Windows 11's stricter system requirements. The security vulnerabilities addressed in KB5087544 could potentially impact any Windows 10 system, making this update critical for maintaining security posture in mixed-environment deployments.
Installing KB5087544 and Verifying Security Improvements
Organizations can deploy KB5087544 through multiple channels depending on their update management infrastructure. Windows Update will automatically deliver the patch to systems with valid Extended Security Update licenses and automatic updates enabled. Enterprise administrators can download the standalone package from the Microsoft Update Catalog for manual deployment or integration into existing patch management workflows using tools like System Center Configuration Manager or Windows Server Update Services.
The installation process requires a system restart to complete the security fixes, particularly those affecting kernel-level components. Administrators should plan maintenance windows accordingly, especially for production systems that can't tolerate unexpected downtime. The update package is approximately 150MB for x64 systems and 120MB for x86 installations, requiring adequate disk space in the Windows Update cache directory during the installation process.
To verify successful installation, administrators can check the installed updates list in Windows Settings or use PowerShell commands to query the update history. The Remote Desktop warning fix can be tested by establishing RDP connections from Windows 11 clients to updated Windows 10 systems. Organizations should also review their security monitoring tools to ensure the patched vulnerabilities are no longer triggering alerts or detection rules that were implemented as temporary mitigations.
Microsoft recommends reviewing the CISA Known Exploited Vulnerabilities catalog to understand the broader threat landscape and ensure comprehensive security coverage. Organizations should also update their vulnerability scanning tools to recognize the patched state and remove false positive alerts for systems that have successfully installed KB5087544.
