Microsoft Windows lifecycle and update changes affecting Windows 10/Server 2016 and Windows 11
Microsoft is warning organizations that Windows Server 2016, Windows 10 Enterprise LTSB 2016, and Windows 10 IoT Enterprise 2016 LTSB are approaching end of support, after which they will no longer receive security patches, bug fixes, or technical support. Reported lifecycle dates include October 13, 2026 for the Windows 10 2016 LTSB variants and January 12, 2027 for Windows Server 2016; Microsoft’s guidance is to prioritize upgrades (e.g., to Windows Server 2025 and Windows 10/11 LTSC options where hardware permits) and, if migration timelines slip, to use the Extended Security Updates (ESU) program as a short-term bridge for up to three years with only “critical” and “important” security updates.
Separately, Microsoft released the Windows 11 KB5077241 optional (non-security) preview cumulative update with 29 quality changes, including BitLocker reliability improvements (addressing freezes after entering a recovery key) and new built-in capabilities such as a taskbar network speed test and native Sysmon functionality (disabled by default). The update also enables Quick Machine Recovery (QMR) by default on certain unmanaged Windows Pro devices and is positioned for admin testing ahead of the next Patch Tuesday release, but it does not include security fixes.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Windows Server 2016 reaches end of support
Windows Server 2016 is scheduled to reach end of support, after which it will no longer receive security updates, bug fixes, or technical support. Microsoft recommends upgrading to a newer server release or using ESU as a temporary measure.
Windows 10 Enterprise LTSB 2016 and IoT Enterprise 2016 LTSB reach end of support
Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB are scheduled to stop receiving security patches, bug fixes, non-security updates, and technical support. Microsoft says organizations should migrate or rely on ESU if eligible.
Microsoft reminds customers of 2026-2027 Windows end-of-support deadlines
Microsoft warned organizations that Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB will reach end of support on 2026-10-13, and Windows Server 2016 will reach end of support on 2027-01-12. It advised customers to upgrade to newer releases or use the Extended Security Updates program as a temporary bridge.
Microsoft releases Windows 11 KB5077241 preview update
Microsoft released the optional non-security Windows 11 cumulative preview update KB5077241, adding 29 quality and feature changes for testing ahead of the next Patch Tuesday. The update improves BitLocker reliability, adds native System Monitor functionality disabled by default, and updates Windows 11 25H2 and 24H2 to builds 26200.7922 and 26100.7922.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Windows lifecycle updates: Windows 11 optional update and paid Extended Security Updates for 2016-era products
Microsoft released an **optional, non-security** update for Windows 11 versions **25H2 and 24H2** (KB`5077241`), advancing OS builds to **26200.7922** and **26100.7922**. Reported changes focus on functionality and reliability, including UI updates (e.g., redesigned battery icons and a refreshed Start menu experience), updates to Windows AI-related components, and a servicing stack update (SSU) KB`5077371` intended to improve the robustness of future update installation; the rollout is described as phased/gradual before broader availability. Separately, Microsoft outlined approaching end-of-support deadlines for **Windows 10 Enterprise LTSB 2016**, **Windows 10 IoT Enterprise 2016 LTSB** (both ending **Oct 13, 2026**), and **Windows Server 2016** (ending **Jan 12, 2027**), after which only a paid **Extended Security Updates (ESU)** program can provide security patches for up to three additional years. Microsoft emphasized ESU provides *security updates only* (no new features, quality fixes, or technical support), with pricing starting at **$61/device** for year one (discounted to **$45/device** for Intune/Windows Autopatch-managed systems) and doubling each year; Windows Server 2016 ESU pricing was not disclosed, and Microsoft recommended upgrading to newer LTSC/LTS releases as the preferred path.
Mar 21, 2026
Windows 11 25H2/24H2 Preview Updates Add AI Features and Flag Secure Boot Certificate Expiration
Microsoft began rolling out **Windows 11 preview updates** for versions **25H2 and 24H2** (including the optional non-security preview update `KB5074105` and Release Preview builds `26200.7701`/`26100.7701`) focused on functionality, performance, and reliability improvements rather than patching new security vulnerabilities. The updates emphasize expanded **AI-driven experiences** (including refinements to Copilot+ PC-related models and more natural-language assistance within Settings), along with usability changes and a simplified Windows update title format intended to reduce administrative friction in tools like **WSUS** and **Microsoft Configuration Manager**. Alongside these feature updates, Microsoft highlighted an operational security risk: **Windows Secure Boot certificates** used by most Windows devices are expected to begin expiring in **June 2026**, and organizations that do not update Certificate Authority (CA) material in time may face devices that cannot boot securely. Separately, consumer guidance circulated on bypassing Windows 11 hardware eligibility checks (notably **TPM 2.0** requirements) to upgrade “unsupported” PCs; while this may extend device usability after Windows 10 support ended, it can also undermine Microsoft’s intended security baseline and increase enterprise risk if adopted outside controlled policy.
Mar 21, 2026
October 2025 Windows 11 Security and Feature Updates Deployment
Microsoft released cumulative updates KB5066835 and KB5066793 for Windows 11 versions 25H2/24H2 and 23H2 as part of the October 2025 Patch Tuesday. These updates are mandatory and address a range of security vulnerabilities discovered in previous months, ensuring that systems remain protected against the latest threats. The updates can be installed automatically through Windows Update or manually via the Microsoft Update Catalog, providing flexibility for both end users and enterprise administrators. After installation, the build numbers for Windows 11 25H2 and 24H2 are updated to Build 26200.6899 and 26100.6899, respectively, while 23H2 is updated to 226x1.6050. This release marks the first Patch Tuesday update for version 25H2, which shares its codebase with 24H2, resulting in identical fixes and improvements across both versions. Notably, this is the penultimate update for Windows 11 23H2, as its support is scheduled to end in November 2025. The update resolves several issues, including a bug that caused the print preview screen to freeze in Chromium-based browsers, and a problem where apps and games became unresponsive if users signed in with only a Gamepad at the lock screen. PowerShell Remoting and Windows Remote Management (WinRM) timeouts have been addressed, improving reliability for remote administration tasks. An issue preventing audit events from being logged has also been fixed, enhancing system monitoring and compliance. The update improves the setup process for Windows Hello face recognition, particularly when using USB infrared camera modules, ensuring smoother biometric authentication. Microsoft emphasizes the importance of keeping security intelligence up to date in its antimalware products, such as Microsoft Defender Antivirus, to maintain robust protection against evolving threats. Security intelligence updates are delivered automatically via Windows Update, but users and administrators can also trigger manual updates to ensure immediate coverage. These updates leverage cloud-based protection and AI-enhanced detection to rapidly identify and mitigate new malware and attack techniques. Microsoft provides troubleshooting resources for users experiencing issues with automatic updates, ensuring that security patches and intelligence updates are applied promptly. The integration of third-party materials in security intelligence updates is disclosed, maintaining transparency in the update process. Overall, the October 2025 Patch Tuesday updates represent a comprehensive effort by Microsoft to address security vulnerabilities, improve system stability, and enhance user experience across supported Windows 11 versions.
Mar 21, 2026