Microsoft has released the KB5071546 extended security update to resolve 57 security vulnerabilities, including three zero-day flaws.
If you are running Windows 10 Enterprise LTSC or are enrolled in the ESU program, you can install this update like normal by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’
Source: BleepingComputer
As this update is mandatory, it will automatically install and prompt you to restart your device when it is complete.
After installing this update, Windows 10 will be updated to build 19045.6691, and Windows 10 Enterprise LTSC 2021 will be updated to build 19044.6691.
What’s new in Windows 10 KB5071546
Microsoft is no longer releasing new features for Windows 10, and the KB5071546 update contains only security updates and fixes for bugs introduced by previous security updates.
With this release, Microsoft has fixed a remote code execution zero-day vulnerability in PowerShell tracked as CVE-2025-54100 that could allow malicious scripts embedded in a webpage to be executed when the page is retrieved using the “Invoke-WebRequest” command:
When running PowerShell scripts that use the “Invoke-WebRequest” command, PowerShell 5.1 (the default version on Windows 10) will now display a warning that this could cause scripts on the page to be executed.
If a page is untrusted, Windows users should use the -UseBasicParsing command line argument to prevent embedded scripts from being parsed.
Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
Security Warning: Script Execution Risk
Invoke-WebRequest parses the content of the web page. Script code in the web page might be run when the page is parsed.
RECOMMENDED ACTION:
Use the -UseBasicParsing switch to avoid script code execution.
Do you want to continue?
```
For additional details, see [KB5074596: PowerShell 5.1: Preventing script execution from web content](https://support.microsoft.com/help/5072034).
Microsoft has released an advisory on when and how to use this command-line flag.
Microsoft states that there are no known issues with this update.
Broken IAM isn’t just an IT problem – the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.