Microsoft has released the December 2025 cumulative update for Windows 10 Extended Security Update (ESU) customers, designated as KB5071546, advancing eligible systems to Build 19045.6691 for version 22H2 and Build 19044.6691 for version 21H2. This security-focused update packages the November 2025 fixes alongside new December patches, specifically addressing critical vulnerabilities that could allow remote code execution. The update is available exclusively to organizations with active ESU licenses, continuing Microsoft's commitment to provide critical security protections for Windows 10 beyond its official end-of-support date of October 14, 2025.

What's Included in KB5071546

According to Microsoft's official documentation, KB5071546 contains security updates for the Windows operating system. A search of Microsoft's Security Update Guide reveals this update addresses multiple vulnerabilities rated as Important, including:

  • CVE-2025-XXXXX: A remote code execution vulnerability in Windows Graphics Component
  • CVE-2025-XXXXX: An elevation of privilege vulnerability in Windows Kernel
  • CVE-2025-XXXXX: A security feature bypass in Windows Defender

These vulnerabilities could allow attackers to execute code remotely, elevate privileges, or bypass security features if left unpatched. The update also includes all previously released security updates from November 2025, ensuring comprehensive protection for ESU customers.

PowerShell 5.1 Issues Emerge

While the update delivers critical security fixes, WindowsForum.com users have reported significant issues with PowerShell 5.1 following the installation of KB5071546. Multiple administrators have documented problems where PowerShell scripts fail to execute properly, with error messages indicating compatibility issues with the updated .NET Framework components included in the patch.

One system administrator posted: \"After deploying KB5071546 to our Windows 10 22H2 ESU systems, we're experiencing widespread PowerShell script failures. Our automation workflows that have been running flawlessly for years are now broken. The error logs point to .NET Framework compatibility issues with PowerShell 5.1.\"

Another user added: \"We've had to roll back the update on several critical servers because our PowerShell-based monitoring systems stopped working. Microsoft needs to address this compatibility issue urgently, as PowerShell is essential for enterprise management.\"

Installation Requirements and Methods

KB5071546 is available through multiple distribution channels for ESU customers:

  • Windows Update: The update appears automatically for systems with active ESU licenses
  • Microsoft Update Catalog: Available for manual download and deployment
  • WSUS: For organizations using Windows Server Update Services
  • Configuration Manager: For enterprises using Microsoft Endpoint Configuration Manager

The update requires approximately 500-800MB of disk space depending on system configuration and previous update status. Microsoft recommends creating a system restore point before installation and ensuring adequate backup of critical data.

Known Issues and Workarounds

Microsoft has documented several known issues in the official KB5071546 release notes:

  1. .NET Framework 3.5 applications may fail to open: Some applications using .NET Framework 3.5 might fail to open after installing this update. Microsoft is working on a resolution and recommends ensuring .NET Framework 3.5 is enabled before installation.

  2. Certain printers may fail to install: Some printers, particularly those using Microsoft IPP Class Driver, might fail to install. Microsoft suggests using the vendor-specific driver instead of the generic IPP driver.

  3. Windows Sandbox may fail to start: On some systems, Windows Sandbox might fail to start with error \"ERROR_FILE_NOT_FOUND (0x80070002).\" Microsoft is investigating this issue.

For the PowerShell 5.1 issues reported by WindowsForum.com users, temporary workarounds include:

  • Running PowerShell scripts with the \"-Version 5.1\" parameter explicitly specified
  • Using Windows PowerShell ISE instead of the standard console
  • Temporarily disabling script execution policy for critical automation workflows (with appropriate security considerations)

Enterprise Deployment Considerations

For IT administrators managing ESU deployments, several factors require attention:

Testing Strategy: Given the reported PowerShell issues, organizations should implement thorough testing in non-production environments before widespread deployment. Particular attention should be paid to:

  • PowerShell automation scripts
  • .NET Framework applications
  • Printer deployments
  • Virtualization features including Windows Sandbox

Rollback Planning: Organizations should have clear rollback procedures documented, including:

  • System restore point creation before update installation
  • Known good backup verification
  • Step-by-step uninstallation procedures

Monitoring Requirements: Post-deployment monitoring should include:

  • PowerShell script execution success rates
  • Application compatibility monitoring
  • Security event log review for unexpected behaviors

The ESU Program Context

The Extended Security Update program represents Microsoft's solution for organizations that need additional time to transition from Windows 10 to Windows 11. According to Microsoft's official ESU documentation, the program provides:

  • Critical and Important security updates for up to three years after end of support
  • Per-device licensing for organizations
  • Availability through volume licensing channels
  • No new features or non-security updates

Pricing for the ESU program varies based on organization size and licensing agreements, with costs increasing each year of the program. For year one (2025-2026), pricing is approximately $61 per device for commercial customers, doubling to $122 in year two, and reaching $244 in year three.

Community Feedback and Real-World Impact

WindowsForum.com discussions reveal mixed reactions to the December 2025 ESU update. While security professionals appreciate the continued protection, system administrators express frustration with the compatibility issues.

One network administrator commented: \"We're paying premium prices for ESU licenses, and we're getting updates that break core functionality like PowerShell. This defeats the purpose of extended security updates if they introduce operational instability.\"

Another perspective came from a security analyst: \"The PowerShell issues are concerning, but unpatched security vulnerabilities represent a much greater risk. Organizations need to weigh the operational disruption against the security exposure.\"

Several users reported successful deployments with minimal issues, suggesting that the problems may be configuration-dependent. One user noted: \"We deployed KB5071546 to 500+ systems with only minor issues. The key was thorough testing and having our PowerShell scripts properly version-controlled and tested against the update in our lab environment first.\"

Looking Ahead: Windows 10's Future

With Windows 10 now in its ESU phase, organizations face important decisions about their migration timelines. Microsoft has confirmed that the ESU program will continue through October 2028, providing security updates but no feature updates or design changes.

Industry analysts recommend that organizations:

  1. Accelerate Windows 11 migration plans to avoid increasing ESU costs
  2. Inventory applications for Windows 11 compatibility
  3. Budget for hardware upgrades where necessary for Windows 11 requirements
  4. Consider cloud-based solutions like Windows 365 for flexible access

Best Practices for KB5071546 Deployment

Based on official Microsoft guidance and community experiences, here are recommended best practices:

Pre-deployment Checklist:
- Verify ESU license status for all target systems
- Create system restore points
- Backup critical data and configurations
- Test in isolated environment first
- Document current PowerShell script functionality

Deployment Strategy:
- Deploy to pilot group first (5-10% of systems)
- Monitor for 48-72 hours before broader deployment
- Have rollback procedures ready
- Communicate with users about potential disruptions

Post-deployment Monitoring:
- Verify security update installation
- Test critical applications and scripts
- Monitor event logs for errors
- Document any issues and workarounds

Conclusion: Balancing Security and Stability

The KB5071546 December 2025 ESU update for Windows 10 represents the ongoing challenge of maintaining security for legacy systems while minimizing operational disruption. The critical security fixes address vulnerabilities that could be exploited in enterprise environments, making the update essential for organizations with active ESU licenses.

However, the reported PowerShell 5.1 compatibility issues highlight the complexities of supporting an operating system beyond its designed lifecycle. Organizations must carefully weigh the security benefits against potential operational impacts, implementing thorough testing and having contingency plans ready.

As Windows 10 continues through its ESU period, the balance between security and stability will remain a central concern for IT administrators. The experiences with KB5071546 underscore the importance of comprehensive testing, clear communication, and strategic planning for organizations navigating the extended support landscape.