Windows 10 KB5094127: What’s Included in the June 2026 ESU Update
On Tuesday, June 9, 2026, Microsoft released the June 2026 ESU update for Windows 10: KB5094127. What are the main changes included in this update? Here’s what you need to know.
Reminder: the June 2026 Patch Tuesday is especially packed, with a total of 200 vulnerabilities patched across Microsoft products. The ESU update therefore delivers security fixes directly to Windows 10.
As expected, KB5094127 brings very few changes, since Windows 10 mostly receives security fixes. Microsoft does, however, note the following.
👉 File Explorer
This update improves File Explorer search functionality, including support for Chinese text and UTF-8 files without a BOM marker. Text is now displayed more clearly and consistently in search results, content views, and tooltips.
👉 Secure Boot
As usual, Microsoft is raising the issue of Secure Boot certificate expiration again. Microsoft says the Windows Security app will dynamically display the certificate update status.
The Redmond company also mentions a new policy setting named LimitSecureBootRequiredServiceData. It is available in the following section: Computer Configuration > Administrative Templates > Windows Components > Secure Boot.
"When this setting is enabled, Windows limits the Secure Boot service data it sends by removing the event normally transmitted to Microsoft. This policy is also included in the 'Windows Restricted Traffic Limited Functionality Baseline' package," Microsoft explains. This is therefore a setting related to telemetry.
This new ESU update is now available through Windows Update.
A known issue with KB5094127
Microsoft notes that an issue already present since April 2026 is still unresolved. If it occurs, it may prompt the user to enter their BitLocker recovery key.
This is a limited issue that affects only devices where all of the following conditions are met:
- The device is not already running the Windows Boot Manager signed with the 2023 certificate.
- BitLocker is enabled on the operating system drive.
- The group policy (GPO) "Configure the TPM platform validation profile for native UEFI firmware configurations" is configured, and the PCR7 component is included in the validation profile (or the equivalent Registry key is configured manually).
- The System Information utility (msinfo32.exe) reports that the PCR7 binding status is "Impossible".
- The Windows UEFI CA 2023 certificate is present in the device’s Secure Boot signature database (DB), making it eligible for the 2023-signed Windows Boot Manager to be set as the default.
If you use a GPO to configure BitLocker on Windows 10, it is recommended that you review your settings if you have not already done so. All the necessary information is available on this page.
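To triage a device against the five conditions listed above, the following PowerShell sketch can help. It is an added example, not a Microsoft script: the registry path used for the GPO is an assumption to verify against your policy templates, and the Boot Manager signature and PCR7 binding status are not collected automatically but passed in as the hypothetical parameters `BootManagerSigned2023` and `Pcr7BindingImpossible`.

```powershell
# Added example: triage for the KB5094127 BitLocker recovery known issue.
# Run from an elevated PowerShell session on the Windows 10 device.
param(
    # Conditions not collected automatically; defaults assume they are met,
    # so the script errs on the side of flagging the device.
    [bool]$BootManagerSigned2023 = $false,   # set to $true once verified by hand
    [bool]$Pcr7BindingImpossible = $true     # status read from msinfo32.exe
)

# BitLocker enabled on the operating system drive.
$osVolume    = Get-BitLockerVolume -MountPoint $env:SystemDrive
$bitLockerOn = $osVolume.ProtectionStatus -eq 'On'

# GPO "Configure the TPM platform validation profile for native UEFI firmware
# configurations" with PCR7 selected. Registry path and value names are assumptions.
$fveKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
$pcrPolicy = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
$pcr7InGpo = ($null -ne $pcrPolicy) -and ($pcrPolicy.Enabled -eq 1) -and ($pcrPolicy.'7' -eq 1)

# Windows UEFI CA 2023 present in the Secure Boot signature database (DB).
try {
    $dbBytes    = (Get-SecureBootUEFI -Name db -ErrorAction Stop).Bytes
    $ca2023InDb = [Text.Encoding]::ASCII.GetString($dbBytes) -match 'Windows UEFI CA 2023'
} catch {
    $ca2023InDb = $false   # legacy BIOS boot or Secure Boot variables unreadable
}

# The issue applies only when every condition is true.
$conditions = [ordered]@{
    'Boot Manager not yet signed with 2023 cert' = -not $BootManagerSigned2023
    'BitLocker enabled on OS drive'              = $bitLockerOn
    'PCR7 in TPM validation profile (GPO)'       = $pcr7InGpo
    'PCR7 binding reported as Impossible'        = $Pcr7BindingImpossible
    'Windows UEFI CA 2023 in Secure Boot DB'     = $ca2023InDb
}
$conditions.GetEnumerator() | Format-Table -AutoSize Name, Value

if ($conditions.Values -notcontains $false) {
    Write-Warning 'All conditions met: keep the BitLocker recovery key at hand and review the GPO.'
} else {
    Write-Output 'At least one condition is not met: the known issue should not apply.'
}
```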
The Windows 10 ESU update list
Below is the list of Windows 10 ESU updates released to date.
| Patch for the month of... | KB number |
|---|---|
| June 2026 | KB5094127 |
| May 2026 | KB5087544 |
| April 2026 | KB5082200 |
| March 2026 | KB5078885 |
| February 2026 | KB5075912 |
| January 2026 | KB5073724 |
| December 2025 | KB5071546 |
| November 2025 | KB5068781 |