Final Windows 10 Patch Tuesday update rolls out as support ends

In what marks the end of an era, Microsoft has released the Windows 10 KB5066791 cumulative update, the final cumulative update for the operating system as it reaches the end of its support lifecycle.

It should be noted that users will still be able to receive extended security updates (ESUs) for up to 1 year (consumers) and 3 years (enterprise).

The Windows 10 KB5066791 update is mandatory, as it contains Microsoft's October 2025 Patch Tuesday security updates, which address six zero-day vulnerabilities and 172 other flaws.

Windows users can install this update by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.'

However, as this update is mandatory, it will automatically start installing in Windows once you check for updates. To make this more manageable, you can schedule a time when your computer is restarted to finish the installation.

After installing this update, Windows 10 22H2 will be updated to build 19045.6456, and Windows 10 21H2 will be updated to build 19044.6456.

Windows 10 users can also manually download and install the KB5066791 update from the Microsoft Update Catalog.

What's new in Windows 10 KB5066791

Windows 10 has officially reached end of support today, no longer receiving updates unless customers and organizations subscribe to extended security updates.

"After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10," warns Microsoft.

"Your PC will still work, but we recommend moving to Windows 11."

Consumers can enroll in extended security updates to receive a year of additional security updates, while the enterprise can purchase up to three years of extended updates.

However, Windows 10 users in the EMEA are able to get free extended security updates for one year.

The complete list of changes and fixes in the Windows 10 KB5066791 update is listed below:

• [Input and Composition]

  • Fixed: An issue with the Chinese Input Method Editor (IME). Private Unicode characters were shown incorrectly and did not meet GB18030 standard.

  • Fixed: An issue that affects USER32 Edit controls. Surrogate pairs appear as empty boxes when text fields reach their length limit.

• [Windows Remote Management (WinRM)]

  • Fixed: An issue that affects PowerShell Remoting and WinRM in which commands time out after 600 seconds.

• [Licensing]

  • New! This update introduces a servicing stack update (SSU) which incorporates an updated certificate chain to improve Azure environment validation. For more information, see the servicing stack update section.

• [Fax modem driver]

  • This update removes the ltmdm64.sys driver. Fax modem hardware dependent on this specific driver will no longer work in Windows.

• [SMBv1 protocol connectivity (known issue)] Fixed: An issue where you might not be able to connect to shared files and folders if you're using the Server Message Block (SMB) v1 protocol on NetBIOS over TCP/IP NetBIOS (NetBT). This can happen after installing update KB5065429.

• [Autopilot Enrollment Status Page (ESP) (known issue)] Fixed: An issue when using Windows Autopilot to deploy Windows 10, version 22H2, to devices with the Enrollment Status Page (ESP) configured might find that the ESP doesn't load during the Out-of-Box Experience (OOBE).

A complete list of fixes can be found in the KB5066791 support bulletin and last month's KB5066198 preview update bulletin.

Microsoft states that there are no known issues with this update as Microsoft ends its support for the operating system.