April 8, 2025—KB5055519 (OS Build 17763.7136)
Applies To
Win 10 Ent LTSC 2019 Win 10 IoT Ent LTSC 2019 Windows 10 IoT Core LTSC Windows Server 2019Release Date:
4/8/2025
Version:
OS Build 17763.7136
Support for Windows 10 will end in October 2025
After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page.
Important Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.
Summary
This cumulative update contains security and quality improvements. The following is a summary of the key issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.
-
This update addresses security issues for your Windows operating system.
-
[Daylight Saving Time (DST)] Update for the Aysen region in Chile to support the government DST change order in 2025. For more information about DST changes, see the Daylight Saving Time & Time Zone Blog.
-
[OS Security] After installing this update or a later Windows update, a new %systemdrive%\inetpub folder will be created on your device. This folder should not be deleted regardless of whether Internet Information Services (IIS) is enabled on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users. For more information, see CVE-2025-21204.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the April 2025 Security Updates.
Windows 10 servicing stack update (KB5055662) - 17763.7125
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing updates.
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. To learn more about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.
Known issues in this update
Symptoms
Devices that have certain Citrix components installed might be unable to complete installation of the January 2025 Windows security update. This issue was observed on devices with Citrix Session Recording Agent (SRA) version 2411. The 2411 version of this application was released in December 2024. Affected devices might initially download and apply the January 2025 Windows security update correctly, such as via the Windows Update page in Settings. However, when restarting the device to complete the update installation, an error message with text similar to “Something didn’t go as planned. No need to worry – undoing changes” appears. The device will then revert to the Windows updates previously present on the device. This issue likely affects a limited number of organizations as version 2411 of the SRA application is a new version. Home users are not expected to be affected by this issue.
Workaround
Citrix has documented this issue, including a workaround, which can be performed prior to installing the January 2025 Windows security update. For details, see Citrix’s documentation.
Microsoft is working with Citrix to address this issue and will update this documentation once a resolution is available.
Symptoms
Audit Logon/Logoff events in the local policy of the Active Directory Group Policy might not show as enabled on the device even if they are enabled and working as expected. This can be observed in the Local Group Policy Editor or Local Security Policy, where local audit policies show the "Audit logon events" policy with Security Setting of "No auditing".
This issue might only manifest as a reporting inconsistency. It’s possible that logon events are correctly being audited on the device. However, the “Audit logon events” policy will reflect that this is not the case. Home users are unlikely to be affected by this issue, as logon auditing is generally only necessary in enterprise environments.
Resolution
This issue is resolved in the April 11, 2025—KB5058922 (OS Build 17763.7240) Out-of-band update. This out-of-band (OOB) update is available only on the Microsoft Update Catalog. Since this is a cumulative update, you do not need to apply any previous update before installing it, and it supersedes all previous updates. Installation of this OOB will require a device restart.
If your organization has not deployed this update yet and you utilize Active Directory Group Policy, we recommend you apply the April 11, 2025—KB5058922 (OS Build 17763.7240) Out-of-band update instead.
As always, we recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.
If you install an update released on or after April 11, 2025, you do not need to use a workaround for this issue.
If you are using an update released before April 11, 2025, and are experiencing this issue, there are adjustments that can be made to the Windows registry to prevent this issue. For information, see "Security auditing settings are not applied to Windows Vista-based and Window Server 2008-based computers when you deploy a domain-based policy".
How to get this update
Before you install this update
You must install the August 10, 2021 SSU (KB5005112) before installing this cumulative update.
Install this update
To install this update, use one of the following Windows and Microsoft release channels.
|
Available |
Next Step |
|
|
This update will be downloaded and installed automatically from Windows Update and Microsoft Update. |
|
Available |
Next Step |
|
|
This update will be downloaded and installed automatically from Windows Update for Business in accordance with configured policies. |
|
Available |
Next Step |
|
|
To get the standalone package for this update, go to the Microsoft Update Catalog website. |
|
Available |
Next Step |
|
|
This update will automatically sync with Windows Server Update Services (WSUS) if you configure Products and Classifications as follows: Product: Windows 10 Classification: Security Updates |
If you want to remove the LCU
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File information
A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
