Microsoft Windows lifecycle updates: Windows 11 optional update and paid Extended Security Updates for 2016-era products
Microsoft released an optional, non-security update for Windows 11 versions 25H2 and 24H2 (KB5077241), advancing OS builds to 26200.7922 and 26100.7922. Reported changes focus on functionality and reliability, including UI updates (e.g., redesigned battery icons and a refreshed Start menu experience), updates to Windows AI-related components, and a servicing stack update (SSU) KB5077371 intended to improve the robustness of future update installation; the rollout is described as phased/gradual before broader availability.
Separately, Microsoft outlined approaching end-of-support deadlines for Windows 10 Enterprise LTSB 2016, Windows 10 IoT Enterprise 2016 LTSB (both ending Oct 13, 2026), and Windows Server 2016 (ending Jan 12, 2027), after which only a paid Extended Security Updates (ESU) program can provide security patches for up to three additional years. Microsoft emphasized ESU provides security updates only (no new features, quality fixes, or technical support), with pricing starting at $61/device for year one (discounted to $45/device for Intune/Windows Autopatch-managed systems) and doubling each year; Windows Server 2016 ESU pricing was not disclosed, and Microsoft recommended upgrading to newer LTSC/LTS releases as the preferred path.
Related Entities
Organizations
Affected Products
Sources
Related Stories
Microsoft Windows lifecycle and update changes affecting Windows 10/Server 2016 and Windows 11
Microsoft is warning organizations that **Windows Server 2016**, **Windows 10 Enterprise LTSB 2016**, and **Windows 10 IoT Enterprise 2016 LTSB** are approaching end of support, after which they will no longer receive security patches, bug fixes, or technical support. Reported lifecycle dates include **October 13, 2026** for the Windows 10 2016 LTSB variants and **January 12, 2027** for Windows Server 2016; Microsoft’s guidance is to prioritize upgrades (e.g., to **Windows Server 2025** and Windows 10/11 LTSC options where hardware permits) and, if migration timelines slip, to use the **Extended Security Updates (ESU)** program as a short-term bridge for up to three years with only “critical” and “important” security updates. Separately, Microsoft released the **Windows 11 KB5077241** optional (non-security) preview cumulative update with 29 quality changes, including **BitLocker reliability** improvements (addressing freezes after entering a recovery key) and new built-in capabilities such as a taskbar **network speed test** and **native Sysmon functionality** (disabled by default). The update also enables **Quick Machine Recovery (QMR)** by default on certain unmanaged Windows Pro devices and is positioned for admin testing ahead of the next Patch Tuesday release, but it does **not** include security fixes.
2 weeks ago
Windows 11 25H2/24H2 Preview Updates Add AI Features and Flag Secure Boot Certificate Expiration
Microsoft began rolling out **Windows 11 preview updates** for versions **25H2 and 24H2** (including the optional non-security preview update `KB5074105` and Release Preview builds `26200.7701`/`26100.7701`) focused on functionality, performance, and reliability improvements rather than patching new security vulnerabilities. The updates emphasize expanded **AI-driven experiences** (including refinements to Copilot+ PC-related models and more natural-language assistance within Settings), along with usability changes and a simplified Windows update title format intended to reduce administrative friction in tools like **WSUS** and **Microsoft Configuration Manager**. Alongside these feature updates, Microsoft highlighted an operational security risk: **Windows Secure Boot certificates** used by most Windows devices are expected to begin expiring in **June 2026**, and organizations that do not update Certificate Authority (CA) material in time may face devices that cannot boot securely. Separately, consumer guidance circulated on bypassing Windows 11 hardware eligibility checks (notably **TPM 2.0** requirements) to upgrade “unsupported” PCs; while this may extend device usability after Windows 10 support ended, it can also undermine Microsoft’s intended security baseline and increase enterprise risk if adopted outside controlled policy.
1 months agoWindows 10 Extended Security Updates Program and Support Messaging Bug
Microsoft has introduced the Windows 10 Extended Security Updates (ESU) program, allowing eligible consumer users to receive an additional year of security updates after official support for Windows 10 ended. The ESU can be accessed for free by using Windows Backup, redeeming Microsoft Rewards points, or through a one-time purchase, with special provisions for users in the European Economic Area. The program is limited to up to 10 devices per user and is not available for corporate or commercial licenses, requiring devices to run at least version 22H2 and be linked to an administrator Microsoft account. Following the October 2025 updates, a bug has caused some Windows 10 systems—including those enrolled in the ESU program and those running supported LTSC editions—to display incorrect end-of-support warnings. Microsoft clarified that this is a cosmetic issue and does not affect the delivery of security updates. A cloud configuration update has been deployed to address the erroneous messages, but some devices may require manual intervention using Group Policy and Known Issue Rollback. A permanent fix is planned for a future Windows update.
4 months ago