Win Update KB5085516 Windows 11 Out-of-band Update build 26100.8039 (24H2) and 26200.8039 (25H2) - March 21


UPDATE 3.26:


 Microsoft Support:

March 21, 2026 - KB5085516 (OS Builds 26200.8039 and 26100.8039) Out-of-band


This out-of-band update for Windows 11, version 25H2 and 24H2 (KB5085516) is cumulative. It includes updates from previous security and non-security releases, along with an additional fix. To learn more about differences between security updates, optional non-security preview updates, out-of-band (OOB) updates, and continuous innovation, see Windows monthly updates explained. For information on Windows update terminology, see the different types of Windows software updates.

To view the latest updates about this release, visit the Windows release health dashboard or the update history page for Windows 11, version 25H2 and 24H2.

Improvements

This OOB contains quality improvements from KB5079473 (released March 10, 2026). The following summary outlines key issues addressed by this update. The bold text within the brackets indicates the item or area of the change.
  • [Microsoft account sign in] Fixed: After you install the Windows update released on or after March 10, 2026, some users might experience an issue signing in to apps with a Microsoft account. Even when the device has a working Internet connection, a “no Internet” error appears during sign in and prevents access to Microsoft services and apps such as Microsoft Teams Free and OneDrive.

    Note: Only sign ins using Microsoft accounts are affected. Businesses using Microsoft Entra ID for app authentication will not experience this issue.
This update is offered through Windows Update for devices running Windows 11 that have already installed KB5079473. It is also available for manual download from the Microsoft Update Catalog.

Devices with Get the latest updates as soon as they’re available turned on will receive this update automatically. If this setting is turned off, you can install the update manually by going to Settings > Windows Update and selecting Download & install.

Note: IT administrators using Microsoft Intune or Windows Autopatch should follow the guidance below for installing the OOB update via Windows Update.

AI Components

This release updates the following AI components:

AI Component | Version
Image Search | 1.2602.1451.0
Content Extraction | 1.2602.1451.0
Semantic Analysis | 1.2602.1451.0

Windows 11 servicing stack update (KB5083532) - 26100.8035

This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. To learn more about SSUs, see Simplifying on-premises deployment of servicing stack updates.

Known issues in this update

Microsoft is not currently aware of any issues with this update.

How to get this update

Before you install this update

Microsoft combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see Servicing stack updates.

Install this update

To install this update, use one of the following Windows and Microsoft release channels.

Available | Next Step
Included | Open Start > Settings Update & Security > Windows Update. In the Optional updates available area, you will find the link to download and install available updates. Check for optional updates
Included | To install this release from the Microsoft Update Catalog, select the option that matches your device architecture (arm64 or x64), and then follow the instructions.

If you want to remove the LCU

Before you decide to remove the LCU, see Understanding the risks: Why you should not uninstall security updates.

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

File information

For a list of the files provided in this update, download the file information for cumulative update 5085516.

For a list of the files provided in the servicing stack update, download the file information for the SSU (KB5083532) - version 26100.8035.


 Source:



Check Windows Updates


UUP Dump:

64-bit ISO download:

ARM64 ISO download:

 
Nothing important, if not on a UEFI BIOS, all disks, SSDs, etc. on MBR.................... :wink:
 

My Computer

System One

  • OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET
I think the real issue that comes up is many machines won't get the update at all for various compatibility and/or BIOS reasons. It'll be really interesting to see how MSC deals with those millions of machines. :rolleyes:
Yes, I am curious also. Everybody can switch off Secure Boot and your machine will still boot Windows. But MS is marking those machines as "tainted" and they are not (at least not all of them) getting any updates anymore.

This is a policy that MS is stuffing down everybody's throats in their campaign of "Security". Already stuffing AI down our throats while nobody wanted it. Continuing to spy on us also to sell our data so they are getting more profits than selling licenses alone..... They want to own our machines. In future versions Windows will be sitting in the cloud and we will all have to pay for a subscription..... Mo Money.

And yes, something has to give..... MS or the users.....
 

My Computer

System One

  • OS
    Win 11 Pro "25H2" Build 26200.8524, Zorin OS Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built
    CPU
    Intel® Core™ i7-12700KF 12th Gen.
    Motherboard
    ASUS Prime Z690-A, BIOS v4505
    Memory
    32GB DDR5 5600-36 Vengeance
    Graphics Card(s)
    PCIe4.0 Asus NVIDIA RTX3060Ti
    Sound Card
    Onboard; Realtek
    Monitor(s) Displays
    34" LG 34UC79G-B Curved 21:9 144Hz
    Screen Resolution
    2560x1080 (No HDR)
    Hard Drives
    250Gb Samsung 870PRO NVMe (Win 11 Pro)
    1Tb Samsung 980PRO NVMe
    1Tb Samsung 970EVO NVMe
    2Tb Samsung 990PRO NVMe with heatsink.
    4Tb WDC WD40EZRZ Blue SATA (Int.)
    4Tb WDC WD40EZRZ Blue SATA (Int.)
    3Tb WDC WD30EFRZ Red SATA (Int.)
    256Gb Samsung 840PRO SSD (RHEL 9,5)
    256Gb Samsung 850PRO SSD (Zorin OS Pro 18)
    PSU
    Coolermaster 850W V2 Gold with internal 12cm exaust fan
    Case
    Be-Quiet Pure Base 600.
    Cooling
    3x Be-Quiet! 12/14cm "Silent Wings 4" casefans, 1x Arctic Freezer i35 CPU towerblock with fan.
    Keyboard
    Steelseries APEX 7 keyboard.
    Mouse
    Logitech G-502 Hero
    Internet Speed
    1Gb
    Browser
    Brave
    Antivirus
    F-Secure
    Other Info
    No Noise system.
    256Gb Kingston Travler USB 3.0 drive.
    64Gb Sandisk USB 3.2 drive. (Ventoy)
    8Gb Philips USB 3.0 drive. (Win. Inst.)
    8Gb Philips USB 3.0 drive. (Rescue disk)
    2Tb WD USB 3.0 Passport drive.
    USB Ext. 500Gb WD SATA drive.
    External USB 3.0 C.A. CD/DVD* burner.
I am not using Secure Boot; however, my install media is made via Rufus and it has the Windows CA 2023 or something like that, and I still get updates through Windows Update. I did have this machine booting in Secure Boot but like a big Dumb Ass I replaced the CMOS battery and when I did the BIOS reset and now it will not go into Secure Boot. Just for poops and giggles I am going to do another clean install and see what happens.
 

My Computer

System One

  • OS
    WINDOWS 11 WINDOWS 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP H8 1360T
    CPU
    Intel(R) Core(TM) i7 -3770K CPU 3.50 GZ 3501 4 CORE
    Motherboard
    PEGATRON 2AD5
    Memory
    32.0 GB (31.9 GB usable)
    Graphics Card(s)
    AMD RADEON TM R5240 INTELL HD GRAPHICS 4600 TIGER 1+1 USB
    Sound Card
    AMD HD . IDT
    Monitor(s) Displays
    AOC WAL MART SPECIAL . HP 2311 IX IPS LED DELL 1708 FP
    Screen Resolution
    1920 X 1080 1600X900 1280X940
    Hard Drives
    1 FAXING S 100 512GB 1 KINGSTON 120 GB SSD 1 X12 SSD 512 GB
    PSU
    300 WATT HP
    Case
    FULL
    Cooling
    ON BOARD FAN
    Keyboard
    LOGITEC K 520 WIRELESS
    Mouse
    LOGITEC M 510 WIRELESS
    Internet Speed
    55 UP 11.2 DOWN
    Browser
    CHROME EDGE
    Antivirus
    WINDOWS SECUIRTY
    Other Info
    NON SUPPORTED HARDWARE FOR WINDOWS 11
You need to see that when you try to "Clean up the system files". 😎
Yes. Aware of that. Before this update (8037): 380Mb, Cleanmgr refused to clean this up. After this 8039 update it grew to 570Mb. Tried to clean; it cleaned some of it, which went well, but the same figure appeared at the end: 380Mb. Cleanmgr for an unknown reason also refused to clean the remainders/leftovers.

I can do this by hand after some searching, but the problem is: Cleanmgr invokes TrustedInstaller for this job. The highest user inside Windows. Even I as Admin do not have those rights. Is there any other alternative that respects Windows law and does not clean the wrong things? Any ideas out there?
 

That's strange. The BIOS sits on a lower level than Windows does. Did you flash your BIOS with the latest version for your motherboard? If not, I would do that first. You should be able to turn on Secure Boot. (There are some other settings involved here, like CSM (Compatibility Support Module), which must be disabled, and Secure Boot must be set to "Windows UEFI Mode" (Secure Boot mode). If left on "Other OS" it's assuming another OS like Linux (no Secure Boot mode).)

Now? Windows will boot regardless of whether Secure Boot is turned on or off. When CA2023 has been introduced? The same. Only you are not getting all the updates that MS is sending out. It will apply them only when in Secure Boot mode..... During the boot process with Secure Boot turned on, Windows will load drivers and when signed check if they are signed with the valid and not expired CA2011 certificate. (later replaced by the new CA2023 certificate) If not? It will not load the driver. In theory Windows must obey this BIOS setting. It only checks its setting to decide if checking is needed, yes or no. Whatever the setting, Windows will boot. It is possible that the bootloader is damaged.

You can correct this using the guidelines in this page;
How to Repair EFI/GPT Bootloader on Windows 10 or 11 | Windows OS Hub
 

" Windows will load drivers and when signed check if they are signed with the valid and not expired CA2011 certificate. (later replaced by the new CA2023 certificate) If not? It will not load the driver. ".................I dont need drivers from MS , so again , no problem staying on Legacy-bios !
Works and boots fine still, while ASUS has no BIOS updates for the Z97-K :wink:
 

Will this update mean that today's supposed "preview update" is going to be pushed or something? or is it going to be released at some point soon as planned?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP
    Memory
    15GB RAM
    Hard Drives
    SSD 1TB
    Browser
    Chrome
Since the March 10 update, I've been experiencing random network disconnections when the laptop is in power-saving mode. Is anyone else having this issue?

Unfortunately, my laptop uses the worst Realtek network card.
 

My Computer

System One

  • OS
    Windows 11 25H2 Pro
    Computer type
    Laptop
    Manufacturer/Model
    HP
    CPU
    AMD Ryzen 5 4600H
    Memory
    32 GB
    Graphics Card(s)
    NVIDIA GTX 1650
    Sound Card
    Realtek Audio
    Monitor(s) Displays
    AMD Radeon (TM) Graphics
    Hard Drives
    INTEL SSD
    Mouse
    Rival 5
I had problems with network Jan - Feb. Connection drops, I tried all I can think of, but fix was to do Asus Cloud Recovery.
 

My Computer

System One

  • OS
    Windows 11 PRO, VM: Windows 11 EDU, Windows Server, Debian, Kali, Arch, FreeBSD, OpenBSD
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel i9 9900k
    Motherboard
    Asus Maximus XI Hero
    Memory
    32GB Kingston DDR4
    Graphics Card(s)
    Asus ROG 2080Ti
    Sound Card
    Integrated
    Monitor(s) Displays
    Asus 27" PG279Q
    Screen Resolution
    1440p
    Hard Drives
    m.2: Samsung 970 Evo Plus 1TB, SATA: Samsung 860 Evo 512GB, WD Black HDD 4TB, USB-C: Samsung 970 Evo Plus 1TB
    PSU
    Seasonic 1000Watt
    Case
    Asus ROG Strix
    Cooling
    Noctua NH14D
    Keyboard
    Razer Huntsman
    Mouse
    Razer Viper 8KHz
    Internet Speed
    D: 409,6Mbit/s U: 51,2Mbit/s
I also had the same issue last year, but my issue was fixed with the tutorial posted on this forum (I also have a Realtek card): Reset Network Adapters in Windows 11
25H2 os build: 26200.8039
 

My Computer

System One

  • OS
    Windows 11 25H2 (OS Build 26200.8524)
    Computer type
    Laptop
    Manufacturer/Model
    Dell
    CPU
    Processor: 11th Gen Intel(R) Core(TM) i5-1135G7 @ 2.40G
    Motherboard
    64-bit operating system Dell 0XMF7W
    Memory
    12GB
    Graphics Card(s)
    Intel R Iris R XE Graphics family
    Sound Card
    Cirrus Speakers High Definition Audio
    Monitor(s) Displays
    Generic PnP monitor
    Screen Resolution
    1920 x 1080
    Hard Drives
    NVMe 670p SSDPEKNU512GZ NVMe I NTEL 512GB
    Case
    cheap
    Mouse
    Logitech wireless mouse
    Internet Speed
    16 Mps download
    Browser
    Google Chrome
    Antivirus
    Security: Microsoft Defender & Malwarebytes Premium (with browser guard)
    Other Info
    Dell model: Inspiron 15 3511
" Windows will load drivers and when signed check if they are signed with the valid and not expired CA2011 certificate. (later replaced by the new CA2023 certificate) If not? It will not load the driver. ".................I dont need drivers from MS , so again , no problem staying on Legacy-bios !
Works and boots fine still , while ASUS has no bios-updates for the Z97-K :wink:
No drivers? Uhm delete this directory c:\Windows\system32\drivers then and see if then Windows boots up....:LOL: Everywhere you look MS drivers are loaded.... Ever opened device management? Even Linux needs drivers.
 

I have a 7-year-old HP laptop, so support for it will end in late 2024. I’m hoping Microsoft will come up with a solution.
 

So, you mean: I have to change legacy (MBR) to UEFI (GPT), if I don't, I can't use my Win11 anymore..................???! 🛠️
Then WHY (??) does ASUS not update my BIOS still......?
 

Had a security intelligence update today that took a bit longer than usual to install rather than it being near-instant
 

Wait...
Keep things separate.
- UEFI BIOS is the successor of the old Legacy BIOS used in the past. It contains "new" features like GPT and Secure Boot.

- MBR or GPT. Master Boot Record is an older type of table with an index that can point to the starting block (e.g. 4K) of files on a disk. That file block points to the next file block of 4K etc. until it ends (end of file). It has its limits: the maximum it can address (32-bit) is 4 partitions of 2TB. So if you have a disk larger than 2TB you have to switch over to GPT. That can address (64-bit) 128 partitions of 9ZB or 9 billion TB. So if you have a disk of 1TB you don't have to switch over to GPT. GPT is no faster than MBR but it has one big advantage: it contains a CRC for integrity purposes. So I converted all of my disks to GPT. An action that takes a few seconds.

- ASUS BIOS. Yes, it can happen. Manufacturers roll out new BIOSes mainly for their new products. They can contain bugs etc. So when needed they release a newer BIOS version. Then they level off; most of the issues have been addressed and fixed. And after a few years they stop serving the motherboard and will not release newer BIOSes anymore (out of service). I bought an ASUS motherboard in 2015. The latest BIOS for this motherboard was 2018. Bought a new ASUS Prime Z690 motherboard (because my old motherboard couldn't cope with the newly bought RTX3060Ti graphics card. Videos say it could...) in 2022. Updated the BIOS every time a new one came out. Updated during 2024/2025. The frequency was slowing down.

But this does not have to be a problem. This whole CA2023 issue revolves around keys. 1 set (Default) comes by default from manufacturers. 1 set (Current) comes from Microsoft. Only the Current values must have the correct and up-to-date keys. So in case you have an older PC/laptop that doesn't have a 24/25/2026 updated BIOS? These mismatches may be reflected in the red crosses (Default section) using this program: "Check UEFI PK, KEK, DB and DBX.cmd" (GitHub - cjee21/Check-UEFISecureBootVariables: PowerShell scripts to check the UEFI KEK, DB and DBX Secure Boot variables as well as scripts for other Secure Boot related items.) As long as the Current Value settings of UEFI PK, KEK and DB have green checkmarks, you are OK. Those values are active now and needed for the upcoming CA2023 change.

In my case I had 1 red cross inside the Default UEFI DB. Went to the manufacturer and saw that they released a new BIOS version in Dec-2025. Downloaded it, flashed it and after that that 1 red cross became green also. I think there are millions and millions who can't get a recent BIOS either. That's OK as long as the current values are in order. (Green)
 

OOB or not. It seems to hit everyone. The reason for this fix (I noticed this earlier: my current PC did not show up (it did earlier) inside my MS account whatever I did. Strangely it did see my older (non TPM and CPU compliant) PC with 25H2 and a much older laptop with Win10.) was to fix an issue with the MS account originating from our machines. Some setting was not correct. The fix did its job. It appeared again. DISM, SFC were fine and there were no additional packages to clean up; it was a short and fast update....
Damn.... Just found out.....
It seems that that whole MS-account stuff was broken by the previous update; KB5079473 (26200.8037) dated 10-03-2026.
This KB5085516 (26200.8039) dated 21-03-2026 was pushed through to fix this problem.

As I had said before; 25H2 is one of the worst releases ever. We have seen that cycle before; update - fix - update - update - fix etc. :mad::mad:
And to make things worse: I downloaded the latest version of Check-UEFISecureBootVariables on GitHub. Ran it and.... All my 3 SVNs were "None" again although they earlier showed 7.0, 3.0 and 3.0.

Had to run these commands again inside PowerShell (as admin):
- reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates /t REG_DWORD /d 0x200 /f
- Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"
Immediately after that the program showed 7.0, 3.0 and 3.0 again. So that last fix tinkered with these settings also, for God knows why....... :ffs:
 

My Computer

System One

  • OS
    Win 11 Pro "25H2" Build 26200.8524, Zorin OS Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built
    CPU
    Intel® Core™ i7-12700KF 12th Gen.
    Motherboard
    ASUS Prime Z690-A, BIOS v4505
    Memory
    32GB DDR5 5600-36 Vengeance
    Graphics Card(s)
    PCIe4.0 Asus NVIDIA RTX3060Ti
    Sound Card
    Onboard; Realtek
    Monitor(s) Displays
    34" LG 34UC79G-B Curved 21:9 144Hz
    Screen Resolution
    2560x1080 (No HDR)
    Hard Drives
    250Gb Samsung 870PRO NVMe (Win 11 Pro)
    1Tb Samsung 980PRO NVMe
    1Tb Samsung 970EVO NVMe
    2Tb Samsung 990PRO NVMe with heatsink.
    4Tb WDC WD40EZRZ Blue SATA (Int.)
    4Tb WDC WD40EZRZ Blue SATA (Int.)
    3Tb WDC WD30EFRZ Red SATA (Int.)
    256Gb Samsung 840PRO SSD (RHEL 9,5)
    256Gb Samsung 850PRO SSD (Zorin OS Pro 18)
    PSU
    Coolermaster 850W V2 Gold with internal 12cm exaust fan
    Case
    Be-Quiet Pure Base 600.
    Cooling
    3x Be-Quiet! 12/14cm "Silent Wings 4" casefans, 1x Arctic Freezer i35 CPU towerblock with fan.
    Keyboard
    Steelseries APEX 7 keyboard.
    Mouse
    Logitech G-502 Hero
    Internet Speed
    1Gb
    Browser
    Brave
    Antivirus
    F-Secure
    Other Info
    No Noise system.
    256Gb Kingston Travler USB 3.0 drive.
    64Gb Sandisk USB 3.2 drive. (Ventoy)
    8Gb Philips USB 3.0 drive. (Win. Inst.)
    8Gb Philips USB 3.0 drive. (Rescue disk)
    2Tb WD USB 3.0 Passport drive.
    USB Ext. 500Gb WD SATA drive.
    External USB 3.0 C.A. CD/DVD* burner.
Wait...
Hold things separate.
- UEFI BIOS is the follower of the old Legacy BIOS used in the past. It contains "new" features like GPT and Secure Boot.

- MBR or GPT. Master Boot Record is an older type of tables with an index that can points to the starting block (e.a. 4K) of files on a disk. That fileblock point to the next fileblock of 4K etc. until it ends (end of file) It has it limits; The maximum it can address (32bit) are 4 partitions of 2TB. So if you have a disk larger than 2TB you have to switch over to GTP. That can address (64bit) are 128 partitions of 9ZB or 9 billion TB. So if you have a disk of 1TB you don't have to switch over to GPT. GPT is no faster than MBR but it has one big advantage; It contains an CRC for integrity purposes. So I converted all of my disks to GPT. An action that takes a few seconds.

- ASUS BIOS. Yes it can happen. Manufactures roll out new BIOS's for there new products mainly. They can contain bugs etc. So when needed the release a newer BIOS version. Then they level off; most of the issues has been addressed and fixed. And after a few years they stop serving the motherboard and will not release newer BIOS's anymore. (Out of service) If bought an ASUS motherboard in 2015. The latest BIOS for this motherboard was 2018. Bought a new ASUS Prime Z690 motherboard (because my old motherboard couldn't cope with the newly bought RTX3060Ti Graphics card. Videos say it could...) in 2022. Updated the BIOS every time a new one came out. Updated during 2024/2025. The frequency was slowing down.

But this does not have to be a problem. This whole CA2023 issue is revolving arround Keys. 1 set (Default) comes default from manufactures. 1 set (Current) comes from Microsoft. Only the Current values must have the correct and up-to-date keys. So incase you have an older PC/Laptop that don't have a 24/25/2026 updated BIOS? This mismatches may be reflected in the Red Crosses (Default section) using this program; "Check UEFI PK, KEK, DB and DBX.cmd" (GitHub - cjee21/Check-UEFISecureBootVariables: PowerShell scripts to check the DBX Secure BoUEFI KEK, DB and ot variables as well as scripts for other Secure Boot related items.) As long as the Current Value settings of UEFI PK, KEK and DB have green checkmarks; you are OK. Those values are active now and needed for the upcoming CA2023 change.

In my case I had 1 red cross inside the Default UEFI DB. Went to the manufacturer and saw that they released a new BIOS version in Dec-2025. Downloaded it, flashed it and after that that 1 red cross became green also. I think there are millions and millions who can't get a recent BIOS either. That's OK as long as the current values are in order. (Green)
I'm on legacy, can't check these UEFI KEK, DB and DBX Secure Boot variables as well as scripts for other Secure Boot related items; seems I don't have them on my MBR/legacy BIOS.
If I understand you well, I can still use my Win11 with MBR/legacy...............??
 

My Computer

System One

  • OS
    Windows11 Pro 25H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Asus
    CPU
    i7
    Motherboard
    z97k
    Memory
    32GB
    Graphics Card(s)
    nVidia
    Sound Card
    Realtek
    Hard Drives
    3
    Cooling
    air
    Browser
    Edge
    Antivirus
    ESET
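
The Current versus Default distinction and the legacy-BIOS case discussed above, as an added PowerShell example (not code from any poster and not part of the cjee21 scripts). It assumes an elevated session; the function names are made up for this example, and the subject names searched for are those of Microsoft's 2023 Secure Boot certificates.

```powershell
# Added example: run in an elevated PowerShell session on Windows.
# Subject names of Microsoft's 2023 Secure Boot certificates, per variable.
$Expected = [ordered]@{
    KEK = @('Microsoft Corporation KEK 2K CA 2023')
    db  = @('Windows UEFI CA 2023', 'Microsoft UEFI CA 2023')
}

function Get-VariableText {
    param([Parameter(Mandatory)][string]$Name)
    # Returns the raw variable decoded as ASCII, or $null when it cannot be
    # read (variable not defined by the firmware, access denied, no UEFI).
    try {
        $var = Get-SecureBootUEFI -Name $Name -ErrorAction Stop
        [System.Text.Encoding]::ASCII.GetString($var.Bytes)
    } catch {
        Write-Verbose "$Name unreadable: $($_.Exception.Message)"
        $null
    }
}

function Test-SecureBootCa2023 {
    foreach ($base in $Expected.Keys) {
        # Current = the active variable; Default = the factory copy in the BIOS.
        foreach ($scope in 'Current', 'Default') {
            $name = if ($scope -eq 'Current') { $base } else { "${base}Default" }
            $text = Get-VariableText -Name $name
            foreach ($subject in $Expected[$base]) {
                $status = if ($null -eq $text) { 'Unreadable' }
                          elseif ($text.Contains($subject)) { 'Present' }
                          else { 'Missing' }
                [pscustomobject]@{
                    Variable = $name; Scope = $scope
                    Subject  = $subject; Status = $status
                }
            }
        }
    }
}

try {
    # Throws on a legacy BIOS/CSM boot, where these variables do not exist.
    $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
    "Secure Boot enabled: $enabled"
    Test-SecureBootCa2023 | Format-Table -AutoSize
} catch {
    "Secure Boot variables unavailable: $($_.Exception.Message)"
}
```

A `Missing` status on a Default row with `Present` on the matching Current row corresponds to the red-cross-in-Default situation described in the post.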
I'm on legacy, can't check these UEFI KEK, DB and DBX Secure Boot variables as well as scripts for other Secure Boot related items; seems I don't have them on my MBR/legacy BIOS.
If I understand you well, I can still use my Win11 with MBR/legacy...............??
MBR will not be an issue, but about the legacy part?.... It should not be a problem as long as you bypass during installation some requirements that Windows 11 wants to see: TPM2.0, a more modern CPU, onboard RAM > 4Gb and..... Secure boot....

That last problem may become an issue. No secure boot. I can see you already installed 25H2 onto your system, so far so good. Now? Secure boot on or off is not an issue now. According to the information, after the introduction of CA2023 Windows 11 will boot normally. But it does not check (it does not check it now either with the CA2011 certificate) the drivers as they are loading, whether they are signed and, if so, whether they are signed by a valid CAxxxx certificate.

So if your system boots now it will continue to do so after that CA2023 update. In your case of having a legacy BIOS there is no need to run that script I pointed to, because it's a legacy BIOS and not a UEFI BIOS. You don't need to fix your system because it isn't capable of running in UEFI mode.

So in the end: what are the risks then? That whole UEFI and CA2023 revolves around just one thing: security. This mechanism stops possible suspicious driver injection into your system. Now it can't check that, so your system runs the risk when opening an e-mail or going to a suspicious site that injects suspicious code into your system etc. But you can reduce that risk by having a good antivirus program installed that watches your internet traffic, your file system and watches for rootkits.

The future will tell if hackers are capable of injecting stuff into our machines to gather personal data. Not only Microsoft will adapt to new ways, but antivirus manufacturers also. To keep things in perspective: it is not very lucrative to hack into individual machines. They would rather hack into big companies in order to steal data that contains sensitive data by the millions. They will sell that data for a lot of money to anyone who is interested and wants to pay for that information.

An example: Some time ago a telecom company (Odido) here in the Netherlands had a break-in by hackers who stole millions of customers' data. They refused to pay ransom. ("We don't give in to demands!!!...") Yep. That may be so. The hackers then sold the data on the market on Telegram. All customers were mad as hell when they heard this. Yeah, it's also a good way to ruin your reputation because they thought that it was not that important to apply patches monthly on their infrastructure.... (Saves us money.....) On your way to bankruptcy you are..... Many current customers will flee and new customers will look elsewhere.....
 

My Computer

System One

  • OS
    Win 11 Pro "25H2" Build 26200.8524, Zorin OS Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self built
    CPU
    Intel® Core™ i7-12700KF 12th Gen.
    Motherboard
    ASUS Prime Z690-A, BIOS v4505
    Memory
    32GB DDR5 5600-36 Vengeance
    Graphics Card(s)
    PCIe4.0 Asus NVIDIA RTX3060Ti
    Sound Card
    Onboard; Realtek
    Monitor(s) Displays
    34" LG 34UC79G-B Curved 21:9 144Hz
    Screen Resolution
    2560x1080 (No HDR)
    Hard Drives
    250Gb Samsung 870PRO NVMe (Win 11 Pro)
    1Tb Samsung 980PRO NVMe
    1Tb Samsung 970EVO NVMe
    2Tb Samsung 990PRO NVMe with heatsink.
    4Tb WDC WD40EZRZ Blue SATA (Int.)
    4Tb WDC WD40EZRZ Blue SATA (Int.)
    3Tb WDC WD30EFRZ Red SATA (Int.)
    256Gb Samsung 840PRO SSD (RHEL 9,5)
    256Gb Samsung 850PRO SSD (Zorin OS Pro 18)
    PSU
    Coolermaster 850W V2 Gold with internal 12cm exhaust fan
    Case
    Be-Quiet Pure Base 600.
    Cooling
    3x Be-Quiet! 12/14cm "Silent Wings 4" casefans, 1x Arctic Freezer i35 CPU towerblock with fan.
    Keyboard
    Steelseries APEX 7 keyboard.
    Mouse
    Logitech G-502 Hero
    Internet Speed
    1Gb
    Browser
    Brave
    Antivirus
    F-Secure
    Other Info
    No Noise system.
    256Gb Kingston Travler USB 3.0 drive.
    64Gb Sandisk USB 3.2 drive. (Ventoy)
    8Gb Philips USB 3.0 drive. (Win. Inst.)
    8Gb Philips USB 3.0 drive. (Rescue disk)
    2Tb WD USB 3.0 Passport drive.
    USB Ext. 500Gb WD SATA drive.
    External USB 3.0 C.A. CD/DVD* burner.
Woow! You made my day! :giggle:
So, no reason to change from legacy to UEFI, all is fine now, antivirus OK also; I know what I have, but.........don't know after changing to UEFI!
Will stay on this OS/BIOS, coz it's just a very fine machine............:wink:
 
