
The Microsoft ecosystem is at a delicate moment: Windows 11 has yet to take off among users, while Windows 10 refuses to disappear even after the end of its mainstream support. Adding to this is an increase in security vulnerabilities detected in recent months, many of them linked to the technological transition and the push for artificial intelligence within the operating system.
In this scenario, the company has released a new security package for Windows 10 and Windows 11 intended to patch dozens of vulnerabilities. The move comes after weeks of reports about security breaches and aims, in practice, to reduce the risk of attacks exploiting critical flaws that affect both home users and businesses in Spain and the rest of Europe.
A key patch for Windows 10 and Windows 11
The new round of updates is part of the traditional second-Tuesday-of-the-month release, when Microsoft distributes patches for Windows and other products. This time, the focus is on a package that fixes 57 vulnerabilities in total, distributed between Windows 10 and the different editions of Windows 11.
According to the company itself, that set of flaws includes three zero-day vulnerabilities that were being actively exploited. These are the most worrying cases, since they allow attackers to abuse security gaps before a fix is available to all users.
For Windows 10, the update is distributed under the reference KB5071546. It is noteworthy because it arrives even though the system has stopped receiving standard support, which reflects the importance Microsoft places on this particular patch. However, not all Windows 10 users will be able to install it, as we will see later.
For Windows 11, versions 24H2 and 25H2 receive patch KB5072033, while the 23H2 edition is covered by update KB5071417. This staggered distribution responds to the fragmentation of the installed base and the need to offer different builds depending on the installed version.

How many vulnerabilities does it fix and why are they important?
The new security package affects both Windows 10 22H2 (in extended support) and Windows 11. In total, 57 vulnerabilities have been resolved, although the distribution varies between versions: for Windows 11, builds 24H2 and 25H2 have 36 corrected flaws, while Windows 10 22H2 has 31.
Almost all of these flaws have been categorized with a severity of "important", a category Microsoft reserves for problems that can be exploited with relative ease or that have a significant impact on security. None of them has been labeled "critical", but that does not mean they can be taken lightly, especially those that were already being used by attackers.
Among the fixed zero-day vulnerabilities, three specific identifiers stand out, affecting different components and services. One of the most relevant for users is CVE-2025-54100, a vulnerability in PowerShell. Along with this, other resolved flaws relate to privilege escalation and remote code execution (RCE), two classes of attack that, in the worst case, allow an attacker to take complete control of the machine.
In the European context, where Windows continues to dominate the desktop operating system market, these updates have a direct impact on businesses, government agencies, and individuals. The presence of vulnerabilities that allow privilege escalation up to SYSTEM permissions makes outdated systems a particularly attractive target for cybercriminals.
The PowerShell vulnerability: CVE-2025-54100
Among all the fixes included in the patch, the one that has drawn the most attention is CVE-2025-54100, a major security flaw in PowerShell. This component is widely used in professional environments and by advanced users, which multiplies the potential scope of the problem.
The vulnerability allowed an attacker to execute code embedded in web pages through the Invoke-WebRequest command. In practice, it was enough to visit malicious content with specially prepared scripts so that, under certain conditions, code execution could be triggered without the user being fully aware.
To mitigate the risk, Microsoft has modified the behavior of the affected command so that an additional confirmation step is now introduced when attempting certain operations. This new prompt gives the user a final opportunity to stop suspicious operations before they are carried out.
The company has also published an updated guide with recommendations for using PowerShell 5.1 more securely. Among them, emphasis is placed on checking the origin of downloaded scripts, avoiding the execution of commands from websites of dubious reputation, and strengthening internal security policies in companies and public bodies.
These changes may require a small adjustment to the day-to-day work of administrators and technicians, but they significantly reduce the attack surface in an environment where more and more processes are automated with scripts and command-line tools.
Windows 10: extended support, but still very much present
One of the most striking aspects of this update is that Windows 10 continues to receive security patches despite having passed the end of its standard support cycle. Officially, that phase ended in October 2025, although Microsoft has established exceptions for certain types of users.
Today, with close to 40% market share, Windows 10 maintains a significant global presence, with similar figures in many European countries. The system's weight, especially in corporate environments and public administrations, makes a sudden withdrawal without transition mechanisms difficult.
To address that need, the new patch is distributed only to those who meet one of these requirements: being enrolled in the Extended Security Updates (ESU) program or using the Windows 10 Enterprise LTSC edition. In both cases, these are computers that, for stability or compatibility reasons, cannot be quickly migrated to Windows 11.
The ESU program offers extended security support until at least October 2026 in exchange for a fee, and is primarily aimed at companies, organizations, and some institutions that need to keep critical systems operational. Meanwhile, the Enterprise LTSC variant is designed for industrial environments, kiosks, medical systems, or infrastructure, where stability is prioritized over new features.
Those who use Windows 10 outside these programs and have not upgraded to Windows 11 will be exposed to future vulnerabilities that are no longer corrected. Therefore, the general recommendation in Europe and Spain is to plan an orderly migration as soon as possible, or to consider extended support options if the change is not viable in the short term.
How to get and install the new patch
For most Windows 11 users, the easiest way to install new updates is still Windows Update. Simply open Settings, go to the "Windows Update" section and click "Check for updates" so that the system locates and downloads the corresponding patch (KB5072033 or KB5071417, depending on the version).
For Windows 10 under extended support, the process is similar, provided the device is enrolled in the ESU program or runs an Enterprise LTSC edition eligible to receive KB5071546. The update will appear as available for manual installation in the Windows Update panel.
Those who prefer finer control over the process, or need to update multiple networked devices, can use the Microsoft Update Catalog. From that portal it is possible to download the .msu files corresponding to each KB number and install them manually on the systems you want to keep up to date.
Systems specialists usually recommend performing a full backup of the computer before applying packages of this kind. That way, if any problem arises after the restart, the previous state can be recovered without data loss.
In environments with multiple computers, such as offices, schools or SMEs, it is advisable to test the patch first on a small, controlled group of machines. This confirms there are no serious incompatibilities before extending the update to the rest of the workstations.
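The procedure above (check the version, install the matching KB, pilot on a few machines first) can be scripted. The following is an added example written for this article, not code from Microsoft: it maps the running build to the KB number the article names, checks whether that KB is already installed, applies an .msu downloaded from the Microsoft Update Catalog with wusa.exe, and queries a pilot group over PowerShell remoting. The build-number-to-version mapping, the pilot machine names and the .msu path are assumptions.

```powershell
# Added example (not Microsoft's code): verify and apply the patch this article describes.
# The KB numbers come from the article; the build numbers are assumed values for each version.

$KbByBuild = @{
    '19045' = 'KB5071546'   # Windows 10 22H2 (ESU or Enterprise LTSC only)
    '22631' = 'KB5071417'   # Windows 11 23H2
    '26100' = 'KB5072033'   # Windows 11 24H2
    '26200' = 'KB5072033'   # Windows 11 25H2
}

function Get-ExpectedKb {
    # Reads the build of the running OS and returns the KB this article associates with it.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Build          = $cv.CurrentBuild
        DisplayVersion = $cv.DisplayVersion
        ExpectedKb     = $KbByBuild[$cv.CurrentBuild]   # $null if the build is not one the article covers
    }
}

function Test-KbInstalled {
    param([Parameter(Mandatory)][string]$Kb)
    # Get-HotFix reads Win32_QuickFixEngineering, which lists installed updates by HotFixID.
    $null -ne (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
}

function Install-CatalogMsu {
    param([Parameter(Mandatory)][string]$MsuPath)
    # Installs an .msu downloaded from the Microsoft Update Catalog. Requires elevation;
    # /norestart leaves the reboot to the administrator, matching the backup-first advice.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run from an elevated PowerShell session.'
    }
    if (-not (Test-Path $MsuPath)) { throw "File not found: $MsuPath" }

    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList "`"$MsuPath`" /quiet /norestart" -Wait -PassThru
    switch ($p.ExitCode) {
        0       { 'Installed' }
        3010    { 'Installed, reboot required' }        # ERROR_SUCCESS_REBOOT_REQUIRED
        2359302 { 'Already installed' }                 # WU_S_ALREADY_INSTALLED (0x240006)
        default { "wusa.exe failed with exit code $($p.ExitCode)" }
    }
}

function Get-PilotStatus {
    param([Parameter(Mandatory)][string[]]$ComputerName,
          [Parameter(Mandatory)][string]$Kb)
    # Queries the pilot group over WinRM (assumes PowerShell remoting is enabled) and
    # reports which machines already carry the patch and when they last rebooted.
    Invoke-Command -ComputerName $ComputerName -ArgumentList $Kb -ScriptBlock {
        param($k)
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Installed = $null -ne (Get-HotFix -Id $k -ErrorAction SilentlyContinue)
            LastBoot  = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
        }
    }
}

# Usage on the local machine:
$info = Get-ExpectedKb
if (-not $info.ExpectedKb) {
    "Build $($info.Build) ($($info.DisplayVersion)) is not a version covered by this patch set."
} elseif (Test-KbInstalled $info.ExpectedKb) {
    "$($info.ExpectedKb) is already installed on build $($info.Build)."
} else {
    "$($info.ExpectedKb) is missing; use Windows Update or Install-CatalogMsu -MsuPath 'C:\patches\$($info.ExpectedKb).msu'"
}

# Usage for a pilot group (hypothetical machine names):
# Get-PilotStatus -ComputerName 'PILOT-01','PILOT-02','PILOT-03' -Kb 'KB5072033' | Format-Table
```

Running Get-PilotStatus before and after the pilot rollout gives a quick inventory that the patch actually landed on the test group, and the LastBoot column flags machines that installed it but have not yet restarted, which is the state in which most "the update broke something" reports turn out to be incomplete installs.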
Best practices and what to do if the update causes problems
In addition to installing patches, cybersecurity experts insist on combining these measures with good day-to-day practices: limiting accounts with administrator privileges, keeping complementary software (browsers, office suites, drivers) up to date, and closely monitoring the computers most exposed to the Internet.
In the specific case of PowerShell, Microsoft recommends exercising extreme caution when running scripts downloaded from the Internet, and reviewing both the origin and the content of instructions copied from forums, technical blogs, or other online resources.
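"Review the origin and the content" can be made a routine check rather than a judgment call. The function below is an added example for this article, not Microsoft's published guidance: before a downloaded .ps1 is run, it reads the Mark-of-the-Web stream the browser attached (which records the download URL), verifies the Authenticode signature, compares the SHA-256 against a hash the publisher stated elsewhere, and flags constructs that commonly hide what a script does. The script path and the published hash are placeholders.

```powershell
# Added example (not Microsoft's code): vet a downloaded PowerShell script before executing it.

function Test-DownloadedScript {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSha256          # hash the publisher states out of band, if any
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Mark-of-the-Web: files saved by a browser carry a Zone.Identifier alternate stream.
    #    ZoneId=3 is the Internet zone. Unblock-File deletes this evidence, so do not run it first.
    $zone   = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $origin = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
    if ($zone -match 'ZoneId=3') { $findings.Add('Downloaded from the Internet zone (Mark-of-the-Web present)') }

    # 2. Authenticode: Status 'Valid' means a trusted publisher signed it and it is unmodified.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { $findings.Add("Signature status: $($sig.Status)") }

    # 3. Integrity against a hash obtained through a separate channel (vendor page, release notes).
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and $actual -ne $ExpectedSha256.ToUpperInvariant()) {
        $findings.Add('SHA-256 does not match the published hash')
    }

    # 4. Constructs that obscure what a script does. A hit means "read this part", not "malicious".
    $text = Get-Content -Path $Path -Raw
    $obscuring = @('FromBase64String', 'Invoke-Expression', '-EncodedCommand', 'DownloadString')
    foreach ($pattern in $obscuring) {
        if ($text -and $text -match [regex]::Escape($pattern)) {
            $findings.Add("Contains '$pattern'; review the surrounding code")
        }
    }

    [pscustomobject]@{
        Path      = $Path
        Origin    = $origin
        Sha256    = $actual
        Signer    = $sig.SignerCertificate.Subject
        Findings  = $findings
        SafeToRun = ($findings.Count -eq 0)
    }
}

# Execution policy is a guardrail, not a security boundary, but AllSigned or RemoteSigned
# turns the signature check above from optional into enforced.
Get-ExecutionPolicy -List

# Usage (placeholder path and hash):
$report = Test-DownloadedScript -Path 'C:\Users\Public\Downloads\example.ps1' -ExpectedSha256 '<published SHA-256>'
$report | Format-List
```

The order matters: read the Zone.Identifier stream before anything else, because Unblock-File (or simply right-clicking "Unblock") removes the only record of where the file came from. A script that is unsigned, hash-mismatched, or built from encoded strings is not automatically hostile, but each finding is a reason to open it in an editor and read it before it touches a production machine.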
If, after applying KB5071546, KB5072033 or KB5071417, a computer starts behaving abnormally, the update can be temporarily uninstalled from the Windows Update history: go to Settings > Windows Update > Update history, select "Uninstall updates", and choose the conflicting patch from the list.
Another alternative for advanced users is to run, from PowerShell or the command prompt, wusa.exe /uninstall /kb:5072033 /quiet (changing the KB number as needed). This measure should be considered temporary while checking whether Microsoft releases additional patches or specific fixes for the detected problem.
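The wusa.exe command above, wrapped so it does not fail silently, as an added example for this article (not Microsoft's code): it confirms the KB is actually installed before trying to remove it, interprets the exit code, and falls back to the DISM cmdlets, since cumulative updates that ship together with a servicing stack update may not be removable through wusa.exe and must be removed by package name instead. The KB number in the usage lines is the article's; the package name is a placeholder you read from the listing.

```powershell
# Added example (not Microsoft's code): roll back one of the article's updates and verify the result.

function Remove-KbUpdate {
    param(
        [Parameter(Mandatory)][ValidatePattern('^\d+$')][string]$KbNumber,   # digits only, e.g. 5072033
        [switch]$Restart
    )
    # Check first: wusa.exe on a KB that is not present just exits, which reads as "nothing happened".
    if (-not (Get-HotFix -Id "KB$KbNumber" -ErrorAction SilentlyContinue)) {
        return "KB$KbNumber is not installed on this machine."
    }
    $wusaArgs = "/uninstall /kb:$KbNumber /quiet"
    if (-not $Restart) { $wusaArgs += ' /norestart' }   # let the admin choose the reboot window

    $p = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" -ArgumentList $wusaArgs -Wait -PassThru
    switch ($p.ExitCode) {
        0       { "KB$KbNumber removed." }
        3010    { "KB$KbNumber removed; a restart is required to complete the rollback." }
        default { "wusa.exe returned $($p.ExitCode). If it reports the package cannot be uninstalled, use Get-RollupPackage and Remove-WindowsPackage." }
    }
}

function Get-RollupPackage {
    # Lists installed cumulative-update (LCU) packages so the right one can be removed with DISM
    # when wusa.exe refuses a combined SSU+LCU package. Requires the built-in Dism module and elevation.
    Get-WindowsPackage -Online |
        Where-Object { $_.PackageName -like 'Package_for_RollupFix*' } |
        Select-Object PackageName, PackageState, ReleaseType, InstallTime
}

function Test-KbRemoved {
    param([Parameter(Mandatory)][string]$KbNumber)
    # After the restart, confirm the KB no longer appears; returns $true when it is gone.
    $null -eq (Get-HotFix -Id "KB$KbNumber" -ErrorAction SilentlyContinue)
}

# Usage (elevated session):
# Remove-KbUpdate -KbNumber 5072033
# Get-RollupPackage
# Remove-WindowsPackage -Online -PackageName '<PackageName from Get-RollupPackage>' -NoRestart
# Test-KbRemoved -KbNumber 5072033     # after rebooting
```

Keep the rollback scoped to the machine that misbehaves and record why it was done: an uninstalled security update reopens the three actively exploited flaws the package closes, so the Test-KbRemoved check is as much a reminder to reinstall once the conflict is resolved as it is a confirmation that the removal worked.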
With this new security package, Microsoft is trying to contain an increasingly demanding vulnerability landscape, one in which a veteran system like Windows 10, still very prevalent in Europe, coexists with the company's latest offering, Windows 11, which is still in the process of earning the trust of all its users. Keeping both systems updated, reviewing internal security policies, and adopting prudent habits when browsing or running scripts becomes, more than ever, essential to reduce risks and avoid problems in the short and medium term.