Microsoft has released the Windows 10 KB5078885 Extended Security Update (ESU) as part of its March 2026 Patch Tuesday cycle, addressing a total of 79 vulnerabilities. This critical update includes fixes for two zero-day flaws that are being actively exploited in the wild, alongside a resolution for a known issue preventing some devices from shutting down properly. The update is exclusively available for organizations enrolled in the Extended Security Update program and devices running Windows 10 Enterprise LTSC (Long-Term Servicing Channel) editions. Following installation, Windows 10 will be updated to build 19045.7058, while Windows 10 Enterprise LTSC 2021 will advance to build 19044.7058. It is crucial to note that Microsoft has ceased feature development for Windows 10; consequently, the KB5078885 update contains only security patches and non-security bug fixes carried over from previous updates.
The cybersecurity landscape prompting this update is particularly volatile. Microsoft has warned that threat actors are now leveraging artificial intelligence at every stage of the cyber kill chain, from reconnaissance to exploitation. Concurrently, security researchers have identified novel evasion techniques, such as the abuse of `.arpa` DNS domains and IPv6 protocols to bypass phishing defenses, and a new "Zombie ZIP" file method that allows malware to slip past traditional security tools. These developments underscore the critical importance of applying all available security updates promptly to maintain defensive postures against increasingly sophisticated attacks.
For eligible systems, administrators can install the KB5078885 update through the standard Windows Update process. The procedure involves navigating to Settings > Windows Update and manually selecting "Check for updates." Beyond the core security fixes, this update also delivers several functional improvements. These include an enhanced warning dialog in Windows System Image Manager to verify catalog file sources, refinements to File History in Control Panel for backing up files with specific Chinese and Private Use Area characters, stability improvements for certain GPU configurations, and updates to Secure Boot components via Windows quality updates.
The release of this ESU coincides with reports of other significant threats, including a new "BlackSanta" malware framework designed to disable Endpoint Detection and Response (EDR) tools, particularly targeting HR departments. Additionally, a fake "Claude Code" installer campaign is distributing information-stealing malware, while a new Android banking trojan named "BeatBanker" masquerades as a Starlink application. In this context, the KB5078885 update is a vital component of a layered defense strategy. Organizations must ensure this patch is deployed alongside other security hardening measures, such as enabling Kernel-mode Hardware-enforced Stack Protection in Windows 11 systems where applicable, and maintaining robust procedures for malware identification and removal.
