Microsoft Issues Windows 10 KB5082200 Update to Patch 167 Vulnerabilities Including Two Zero‑Days
What Happened – Microsoft released the KB5082200 extended security update for Windows 10, addressing 167 CVEs from the April 2026 Patch Tuesday, among them two active zero‑day exploits. The update adds Remote Desktop Protocol (RDP) file phishing protections and Secure Boot status indicators.
Why It Matters for TPRM – • Unpatched Windows 10 endpoints remain a high‑risk attack surface for third‑party vendors.
• Zero‑day exploits can be leveraged to compromise supply‑chain partners and exfiltrate data.
• New security controls (RDP warnings, Secure Boot visibility) affect compliance baselines and must be validated in vendor environments.
Who Is Affected – All organizations that run Windows 10 Enterprise LTSC or are enrolled in Microsoft’s Extended Security Updates (ESU) program – spanning finance, healthcare, manufacturing, government, and SaaS providers.
Recommended Actions – • Verify that all Windows 10 endpoints under vendor contracts have installed KB5082200.
• Review RDP and Secure Boot configuration changes against your security policies.
• Update your asset inventory to reflect the new build numbers (19045.7184 / 19044.7184).
Technical Notes – Attack vector: exploitation of two zero‑day vulnerabilities (details disclosed in Microsoft security advisory). Fixes delivered via cumulative update; no new features, only security and bug fixes. Data types: operating system binaries, Secure Boot certificates, RDP configuration files. Source: BleepingComputer