Full Report
Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. [...]
Analysis Summary
# Vulnerability: Windows 10 KB5082200 Cumulative Security Update (April 2026)
## CVE Details
*Note: KB5082200 is a cumulative update that fixes 167 flaws. The entries below cover the highlighted zero-day vulnerabilities.*
- **CVE ID:** Not given in the source; `CVE-2026-UNKNOWN-ZD1` and `CVE-2026-UNKNOWN-ZD2` are placeholders for the two zero-days addressed.
- **CVSS Score:** N/A (Total of 167 vulnerabilities fixed in this cycle)
- **CWE:** Not specified. The update includes fixes for RDP-based phishing and Secure Boot bypasses.
## Affected Systems
- **Products:** Windows 10 Enterprise, Education, and IoT Enterprise; Windows 10 Enterprise LTSC.
- **Versions:**
  - Windows 10 Version 22H2 (Updated to Build 19045.7184)
  - Windows 10 Enterprise LTSC 2021 (Updated to Build 19044.7184)
- **Configurations:** Systems enrolled in the Extended Security Update (ESU) program or utilizing LTSC versions.
## Vulnerability Description
This update addresses 167 security flaws, most notably:
1. **Remote Desktop Protocol (RDP) Phishing:** A flaw allowed malicious `.rdp` files to be used in phishing campaigns to initiate unauthorized connections or harvest credentials.
2. **Secure Boot Vulnerabilities:** Issues related to the handling of Secure Boot certificates, including a fix for a flaw that caused Intel-based devices supporting Connected Standby to incorrectly trigger BitLocker Recovery screens during Secure Boot updates.
3. **Authentication Failure:** A bug in previous updates (March 2026) caused a "no Internet" error during Microsoft Account sign-ins, preventing access to services like Microsoft Teams.
## Exploitation
- **Status:** **Exploited in the Wild** (2 Zero-days reported as exploited at the time of release).
- **Complexity:** Low to Medium (depending on the specific CVE).
- **Attack Vector:** Network / Remote (specifically via RDP files and phishing vectors).
## Impact
- **Confidentiality:** High (Credential theft via RDP phishing).
- **Integrity:** High (Potential for Secure Boot bypass and unauthorized system modifications).
- **Availability:** Medium (BitLocker recovery loops causing lockout).
## Remediation
### Patches
- **Windows 10 KB5082200:** Cumulative security update for the April 2026 cycle. Users should apply this via Windows Update or the Microsoft Update Catalog.
### Workarounds
- **RDP Hardening:** Avoid opening unsolicited `.rdp` files from untrusted sources.
- **Secure Boot Monitoring:** Use the new Windows Security App status badges to monitor the rollout of the 2026 Secure Boot certificates before the 2011 certificates expire in June.
## Detection
- **Indicators of Compromise:** Unusual `.rdp` file activity or unexpected connection requests.
- **Detection methods and tools:**
  - Check for **Build 19045.7184** (or higher) to confirm patch application.
  - Monitor the **Windows Security App** (Settings > Update & Security > Windows Security) for badges or notifications regarding Secure Boot and certificate status.
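
The build check described above, as an added PowerShell example (not Microsoft's code and not part of the original report): it compares the OS build and update revision (UBR) against the builds listed on this page, for a constructed inventory and for the local machine. The function names, host names and sample revisions are assumptions made for illustration.

```powershell
# Added example: KB5082200 patch-level check. Names and sample rows are illustrative.
# Minimum patched update revision (UBR) per build, from the builds listed on this page.
$MinimumUbr = @{
    19045 = 7184   # Windows 10 Version 22H2
    19044 = 7184   # Windows 10 Enterprise LTSC 2021
}

function Get-PatchState {
    param([Parameter(Mandatory)][int]$Build, [Parameter(Mandatory)][int]$Ubr)
    if (-not $MinimumUbr.ContainsKey($Build)) { return 'OutOfScope' }
    if ($Ubr -ge $MinimumUbr[$Build]) { return 'Patched' }
    return 'Missing'
}

function Get-LocalPatchReport {
    # CurrentBuild (REG_SZ) and UBR (REG_DWORD) together form the OS build, e.g. 19045.7184.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR
    # A later cumulative update supersedes this KB, so the build number is authoritative
    # and the hotfix listing is only corroboration.
    $hotfix = Get-HotFix -Id 'KB5082200' -ErrorAction SilentlyContinue
    # Confirm-SecureBootUEFI throws on legacy BIOS systems or without elevation.
    try   { $secureBoot = [string](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = 'Unknown' }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        OSBuild      = '{0}.{1}' -f $build, $ubr
        State        = Get-PatchState -Build $build -Ubr $ubr
        HotFixListed = [bool]$hotfix
        SecureBoot   = $secureBoot
    }
}

# Constructed inventory rows (hypothetical hosts and revisions), as exported from an asset database.
$inventory = @(
    [pscustomobject]@{ Name = 'ws-001';  Build = 19045; Ubr = 7184 }
    [pscustomobject]@{ Name = 'ws-002';  Build = 19045; Ubr = 7058 }
    [pscustomobject]@{ Name = 'ltsc-01'; Build = 19044; Ubr = 7184 }
    [pscustomobject]@{ Name = 'w11-01';  Build = 26100; Ubr = 4000 }
)
$inventory |
    Select-Object Name, Build, Ubr, @{ n = 'State'; e = { Get-PatchState -Build $_.Build -Ubr $_.Ubr } } |
    Format-Table -AutoSize

# On a Windows 10 endpoint, report the local state:
Get-LocalPatchReport
```

Hosts reported as `Missing` are on an affected build without the April 2026 revision; `OutOfScope` means the build is not one of the two this page lists.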
## References
- Microsoft Support KB5082200: hxxps[://]support[.]microsoft[.]com/en-us/topic/april-14-2026-kb5082200-os-builds-19045-7184-and-19044-7184-4fa6421d-5c52-4aa1-ace0-647647282000
- Microsoft Security Advisory - RDP Warnings: hxxps[://]go[.]microsoft[.]com/fwlink/?linkid=2347342
- BleepingComputer April 2026 Patch Tuesday Report: hxxps[://]www[.]bleepingcomputer[.]com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/