March 10, 2026—KB5078752 (OS Build 17763.8511)
Applies To
Release Date:
3/10/2026
Version:
OS Build 17763.8511
Windows Secure Boot certificate expirationÂ
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. Â
For details and preparation steps for Windows devices, see Windows Secure Boot certificate expiration and CA updates.
For details and preparation steps for Windows servers, see the following resources:
Windows updates do not install Microsoft Store application updates. If you are an enterprise user, see Microsoft Store apps - Configuration Manager. If you are a consumer user, see Get updates for apps and games in Microsoft Store.
Support for Windows Server 2019 will end in January 2029
After January 9, 2029, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows Server 2019. We recommend that you upgrade to a later version of Windows Server.
Summary
This article lists the security issues and quality improvements included in this security update.
Applies to: Windows Server 2019
This security update includes fixes and quality improvements that are part of the following update:
The following is a summary of the issues that this update addresses when you install this update. The bold text within the brackets indicates the item or area of the change we are documenting.
-
[Windows System Image Manager] This update adds a warning dialog to help users confirm that the selected catalog file comes from a trusted source.
-
[File History] Improved: File History in Control Panel when backing up files. New files with names containing some Chinese and Private Use Area characters can now be backed up.
-
[Secure Boot] With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. This targeting is based primarily on client device diagnostic data; due to limited data, servers are unlikely to qualify, though not explicitly excluded. Devices receive new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the March 2026 Security Updates.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page.
Known issues in this update​​​​​​​
Symptoms
After installing this update released on or after January 13, 2026, Japanese language installations of Windows Server 2019 might not correctly display Japanese characters in the PowerShell console.
This issue is caused by an unintended change to PowerShell encoding settings, which are incorrectly set to UTF-8 following the installation of the update. English language text can appear correctly, and commands can be entered as usual. However, Japanese output text appears garbled, or with the appearance of question marks where Japanese text is intended to be shown. Japanese text which is entered into PowerShell will also be affected in the same way.
Workaround
There are two methods to address this issue:
Method 1: Start PowerShell from a Command Prompt
-
Open the Command Prompt (cmd.exe) console. To do this, you can click Start, type cmd in the Search box, and then select cmd from the results.
-
In the Command Prompt window, type powershell.exe and then press Enter. This opens a PowerShell console where this issue does not occur.
Method 2: Change the font in the PowerShell console
-
Start PowerShell as usual. To do this, you can click Start, type powershell in the Search box, and then select powershell from the results.
-
Right-click the top bar of the PowerShell console, select Properties, and then select the Font tab. Here, select MS Gothic, and then click OK.
Next steps
We are working on releasing a resolution for this issue in a future Windows update. We will provide an update when more information is available.
Applies to: Windows 10 Enterprise LTSC 2019
This security update includes fixes and quality improvements that are part of the following update:
The following is a summary of the issues that this update addresses when you install this update. The bold text within the brackets indicates the item or area of the change we are documenting.
-
[Windows System Image Manager] This update adds a warning dialog to help users confirm that the selected catalog file comes from a trusted source.
-
[File History] Improved: File History in Control Panel when backing up files. New files with names containing some Chinese and Private Use Area characters can now be backed up.
-
[Secure Boot] With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. This targeting is based primarily on client device diagnostic data; due to limited data, servers are unlikely to qualify, though not explicitly excluded. Devices receive new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.
For more information about security vulnerabilities, please refer to the new Security Update Guide website and the March 2026 Security Updates.
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page.
Known issues in this update
We are currently not aware of any issues with this update.
Servicing stack update (KB5075903) - 17763.8381
Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improves the reliability of the update process and includes fixes to the servicing stack, the component that installs Windows updates.
Note: This servicing stack update (SSU) includes enhanced logic to verify whether a device is hosted on Azure, leveraging an updated certificate chain for validation. To ensure that the device can access the required certificate update domains to successfully download and install certificate updates, see Certificate downloads and revocation lists and Azure Certificate Authority details. To learn more about SSUs, see Servicing stack updates.
How to get this update
Before you install this update
You must have installed the August 10, 2021 SSU (KB5005112) before installing this cumulative update.
Install this update
To install this update, use one of the following Microsoft release channels.
|
Available |
Next Step |
|
|
This update will be downloaded and installed automatically from Windows Update. |
|
Available |
Next Step |
|
|
This update will be downloaded and installed automatically from Windows Update for Business in accordance with configured policies. |
|
Available |
Next Step |
|
|
To get the standalone package for this update, go to the Microsoft Update Catalog website. For information about how to download and install updates from the Update Catalog, see How to download updates that include drivers and hotfixes from the Windows Update Catalog. |
|
Available |
Next Step |
|
|
This update will automatically sync with Windows Server Update Services (WSUS) if you configure Products and Classifications as follows:
To set up your WSUS server to sync based on products and classifications, see Synchronizing Update by Product and Classification. To manually import updates into WSUS, see Import updates into WSUS by using PowerShell. |
If you want to remove the LCU
Before you decide to remove the LCU, please see Understanding the risks: Why you should not uninstall security updates.
To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
File information
A list of the files that are included in this update are provided in a CSV (Comma delimited) (*.csv) file. The file can be opened in a text editor such as Notepad or in Microsoft Excel.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
