Ethical Hacking News
Microsoft has released the KB5071546 extended security update for Windows 10, addressing 57 security vulnerabilities, including three zero-day flaws. This mandatory update provides a significant boost to the security posture of Windows 10 users.
Microsoft has released KB5071546 extended security update for Windows 10 as part of December 2025 Patch Tuesday. The update addresses 57 security vulnerabilities, including three zero-day flaws. The update fixes a remote code execution zero-day vulnerability in PowerShell (CVE-2025-54100). Users can mitigate the risk by using the -UseBasicParsing switch when running PowerShell scripts with "Invoke-WebRequest" command. The update impacts Windows 10 Enterprise LTSC and users enrolled in the ESU program.
In a recent move to bolster the security posture of its users, Microsoft has released the KB5071546 extended security update for Windows 10. This update is part of the company's ongoing efforts to protect its users from various threats, including malware and vulnerabilities. In this article, we will delve into the details of the KB5071546 update, its key features, and what it means for users of Windows 10.
According to the latest news from BleepingComputer, Microsoft has released the KB5071546 extended security update as part of its December 2025 Patch Tuesday. This update is mandatory and will be automatically installed on affected devices. The update addresses 57 security vulnerabilities, including three zero-day flaws, which could potentially allow attackers to exploit them to gain unauthorized access to systems.
One of the key features of the KB5071546 update is its focus on improving the security of PowerShell, a popular scripting language used by Windows administrators. Microsoft has fixed a remote code execution zero-day vulnerability in PowerShell tracked as CVE-2025-54100. This vulnerability could allow malicious scripts embedded in a webpage to be executed when the page is retrieved using the "Invoke-WebRequest" command.
To mitigate this risk, users can take several steps. First, they can use the -UseBasicParsing switch when running PowerShell scripts that use the "Invoke-WebRequest" command. This will prevent script code from being parsed and executed. Microsoft has also released an advisory on when and how to use this command-line flag.
Another important aspect of the KB5071546 update is its impact on Windows 10 Enterprise LTSC and users enrolled in the ESU program. These users can install the update like normal by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.' After installing this update, Windows 10 will be updated to build 19045.6691, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6691.
In conclusion, the KB5071546 extended security update is an important development in Microsoft's ongoing efforts to protect its users from various threats. By addressing key vulnerabilities and improving the security of PowerShell, this update provides a significant boost to the security posture of Windows 10 users. We will continue to monitor the situation and provide updates as more information becomes available.
Microsoft has released the KB5071546 extended security update for Windows 10, addressing 57 security vulnerabilities, including three zero-day flaws. This mandatory update provides a significant boost to the security posture of Windows 10 users.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsoft-Releases-Windows-10-KB5071546-Extended-Security-Update-A-Comprehensive-Analysis-ehn.shtml
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5071546-extended-security-update/
https://nvd.nist.gov/vuln/detail/CVE-2025-54100
https://www.cvedetails.com/cve/CVE-2025-54100/
Published: Tue Dec 9 14:00:26 2025 by llama3.2 3B Q4_K_M
