CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Microsoft Releases Emergency Update for Windows 10 ESU Enrollment Bug

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft has issued an emergency out-of-band update (KB5071959) to fix a bug preventing Windows 10 users from enrolling in the Extended Security Updates (ESU) program. This update resolves an issue in the ESU enrollment wizard that caused failures during the enrollment process. Once installed, users can successfully enroll their devices and receive ongoing security updates. Windows 10 reached end-of-support on October 14, 2025, making ESU enrollment crucial for continued security updates. The ESU program costs $30 for home users and $61 per device per year for enterprises, with escalating costs for multi-year commitments.

Timeline

  1. 11.11.2025 20:28 1 articles · 23h ago

    Microsoft Releases Emergency Update for Windows 10 ESU Enrollment Bug

    On November 11, 2025, Microsoft released an emergency out-of-band update (KB5071959) to fix a bug in the Windows 10 ESU enrollment process. This update resolves an issue that prevented users from enrolling in the ESU program, which is essential for receiving security updates post-end-of-support. The update is marked as a security update for devices not yet enrolled in the Windows 10 consumer ESU.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Windows 10 update bug triggers incorrect end-of-support alerts

A bug in the October 2025 Windows 10 updates triggers incorrect end-of-support alerts on systems running Windows 10 Enterprise LTSC 2021, Windows 10 IoT Enterprise LTSC 2021, and Windows 10 22H2 enrolled in the Extended Security Updates program. The bug causes affected devices to display 'Your version of Windows has reached the end of support' messages, despite the systems still being under active support or security coverage. Microsoft has deployed a cloud configuration update to correct the erroneous message, but some devices may not receive it due to connectivity or configuration issues. IT administrators can use Known Issue Rollback (KIR) to remove the incorrect messages on enterprise-managed devices. Microsoft released the first Windows 10 extended security update (KB5068781) on November 11, 2025, to address the bug for all customers enrolled in the Extended Security Updates (ESU) program.

Open in new tab

Microsoft September 2025 Patch Tuesday addresses 81 vulnerabilities, including two zero-days

Microsoft's November 2025 Patch Tuesday addressed 63 vulnerabilities, including one actively exploited zero-day vulnerability (CVE-2025-62215), a critical Remote Code Execution flaw (CVE-2025-60724), and several other notable vulnerabilities. The updates also included fixes for multiple elevation of privilege, remote code execution, information disclosure, denial-of-service, and spoofing vulnerabilities. Microsoft has released the first extended security update (ESU) for Windows 10, advising users to upgrade to Windows 11 or enroll in the ESU program. The KB5068781 update, the first Windows 10 extended security update since the operating system reached end of support on October 14, 2025, includes fixes for 63 flaws and one actively exploited elevation-of-privilege vulnerability. The September 2025 Patch Tuesday addressed 80 vulnerabilities, including 13 critical vulnerabilities. The updates fixed a range of issues, including privilege escalation, remote code execution, information disclosure, and denial-of-service vulnerabilities. The patches also covered a critical flaw in Azure Networking and addressed a new lateral movement technique dubbed BitLockMove. Additionally, security updates were released by multiple vendors, including Adobe, Cisco, Google, and others. The September 2025 update included 38 elevation of privilege (EoP) vulnerabilities. The two zero-day vulnerabilities were CVE-2025-55234 in Windows SMB Server and CVE-2024-21907 in Microsoft SQL Server. The SMB vulnerability was exploited through relay attacks, while the SQL Server flaw involved improper handling of exceptional conditions in Newtonsoft.Json. The updates also included hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing to assess compatibility issues. The KB5065429 cumulative update for Windows 10 22H2 and 21H2 included fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update enabled auditing SMB client compatibility for SMB Server signing and SMB Server EPA, and included an opt-in feature for administrators to allow outbound network traffic from Windows 10 devices.

Open in new tab