ANAVEM
FR
Reference
Server rack displaying Windows update installation screens in data center environment
KB5078938Windows UpdateWindows

KB5078938 — March 2026 Security Update for Windows 10 Version 1607 and Windows Server 2016

KB5078938 is a March 2026 security update that addresses multiple vulnerabilities in Windows 10 Version 1607 and Windows Server 2016, including critical fixes for Windows kernel and networking components.

Emanuel DE ALMEIDAEmanuel DE ALMEIDA
11 Mar 202612 min read2 views

KB5078938 is a March 2026 security update that addresses multiple vulnerabilities in Windows 10 Version 1607 and Windows Server 2016, including critical fixes for Windows kernel and networking components.

Overview

KB5078938 is a March 10, 2026 security update for Windows 10 Version 1607 and Windows Server 2016 systems. This update addresses multiple security vulnerabilities and brings the OS build to 14393.8957. The update includes critical security fixes for Windows kernel, networking components, and authentication mechanisms.

In This Article

  1. Issue Description
  2. Root Cause
  3. 1Fixes Windows kernel privilege escalation vulnerabilities
  4. 2Resolves remote code execution vulnerabilities in networking components
  5. 3Patches authentication bypass vulnerabilities
  6. 4Addresses information disclosure vulnerabilities
  7. 5Resolves denial of service vulnerabilities
  8. Installation
  9. Known Issues
  10. Frequently Asked Questions

Applies to

Windows 10 Version 1607 (32-bit and x64-based Systems)Windows Server 2016Windows Server 2016 (Server Core installation)

Issue Description

Issue Description

This security update addresses several vulnerabilities that could allow attackers to execute arbitrary code, elevate privileges, or cause denial of service conditions on affected systems. The vulnerabilities affect multiple Windows components including:

  • Windows kernel privilege escalation vulnerabilities that could allow local attackers to gain SYSTEM privileges
  • Remote code execution vulnerabilities in Windows networking stack that could be exploited through specially crafted network packets
  • Authentication bypass vulnerabilities in Windows authentication protocols
  • Information disclosure vulnerabilities that could expose sensitive system information
  • Denial of service vulnerabilities that could cause system crashes or unresponsive conditions

Systems running Windows 10 Version 1607 or Windows Server 2016 without this update remain vulnerable to these security issues.

Root Cause

Root Cause

The vulnerabilities stem from improper input validation, memory management issues, and insufficient access controls in various Windows components. These issues exist due to inadequate bounds checking in kernel-mode drivers, improper handling of authentication tokens, and insufficient validation of network protocol messages in the Windows networking stack.

1

Fixes Windows kernel privilege escalation vulnerabilities

This update patches multiple privilege escalation vulnerabilities in the Windows kernel that could allow local attackers to execute code with elevated privileges. The fixes include improved memory management in kernel-mode drivers, enhanced access token validation, and strengthened privilege checks for system calls. These changes prevent unauthorized elevation of privileges through exploitation of kernel vulnerabilities.

2

Resolves remote code execution vulnerabilities in networking components

The update addresses critical remote code execution vulnerabilities in Windows networking stack components. These fixes include improved input validation for network protocol handlers, enhanced buffer overflow protections, and strengthened parsing of network packets. The changes prevent attackers from executing arbitrary code by sending specially crafted network packets to vulnerable systems.

3

Patches authentication bypass vulnerabilities

This update resolves authentication bypass vulnerabilities in Windows authentication mechanisms that could allow unauthorized access to system resources. The fixes include enhanced validation of authentication tokens, improved handling of authentication protocols, and strengthened access controls for sensitive operations. These changes ensure proper authentication is required for accessing protected resources.

4

Addresses information disclosure vulnerabilities

The update fixes information disclosure vulnerabilities that could expose sensitive system information to unauthorized users. These fixes include improved memory initialization, enhanced data sanitization procedures, and strengthened access controls for system information. The changes prevent unauthorized disclosure of sensitive data through various attack vectors.

5

Resolves denial of service vulnerabilities

This update patches denial of service vulnerabilities that could cause system crashes or unresponsive conditions. The fixes include improved error handling in system components, enhanced resource management, and strengthened input validation. These changes prevent attackers from causing system instability through exploitation of denial of service vulnerabilities.

Installation

Installation

This update is available through multiple distribution channels:

Windows Update

KB5078938 is automatically delivered to eligible systems through Windows Update. The update will be installed during the next scheduled update cycle or when users manually check for updates through Settings > Update & Security > Windows Update.

Microsoft Update Catalog

The update is available for manual download from the Microsoft Update Catalog for administrators who need to deploy the update in controlled environments. Search for KB5078938 to locate the appropriate package for your system architecture.

Windows Server Update Services (WSUS)

Enterprise environments using WSUS can approve and deploy this update through their existing update management infrastructure. The update appears in the Security Updates classification.

System Center Configuration Manager (SCCM)

Organizations using SCCM can deploy this update through software update management workflows. The update is categorized as a security update with high priority.

Installation Requirements

  • Prerequisites: No specific prerequisite updates required
  • Disk Space: Approximately 1.2 GB free disk space required
  • Restart Required: Yes, system restart is required to complete installation
  • Installation Time: Typically 15-30 minutes depending on system configuration
Note: Installation may take longer on systems with slower storage or limited available disk space.

Known Issues

Known Issues

The following known issues have been identified with KB5078938:

Installation Failures

Some systems may experience installation failures with error code 0x80070643 if insufficient disk space is available. Ensure at least 1.5 GB of free space on the system drive before attempting installation.

Network Connectivity Issues

A small number of systems may experience temporary network connectivity issues immediately after restart. This typically resolves within 2-3 minutes as network services reinitialize. If connectivity issues persist beyond 5 minutes, restart the system again.

Application Compatibility

Legacy applications that rely on deprecated authentication methods may require updates to maintain compatibility. Contact application vendors for updated versions that support current authentication standards.

Performance Impact

Systems with limited memory (less than 4 GB RAM) may experience slight performance degradation immediately after installation. Performance typically returns to normal levels within 24 hours as system optimization processes complete.

Important: If you experience persistent issues after installing this update, you can uninstall it through Settings > Update & Security > Windows Update > View update history > Uninstall updates.

Overview

KB5078938 is a critical security update released on March 10, 2026, for Windows 10 Version 1607 and Windows Server 2016 systems. This update addresses multiple high-priority security vulnerabilities and updates the operating system build to 14393.8957. The update is part of Microsoft's regular Patch Tuesday release cycle and includes fixes for vulnerabilities that could potentially be exploited by attackers to compromise system security.

Security Vulnerabilities Addressed

This update resolves several categories of security vulnerabilities that affect core Windows components:

Kernel Privilege Escalation

Multiple vulnerabilities in the Windows kernel could allow local attackers to escalate privileges from standard user to SYSTEM level. These vulnerabilities stem from improper validation of user input in kernel-mode drivers and insufficient access controls for certain system operations. Successful exploitation could allow attackers to install programs, view and modify data, or create new accounts with full user rights.

Remote Code Execution in Networking Stack

Critical vulnerabilities in Windows networking components could allow remote attackers to execute arbitrary code on vulnerable systems. These vulnerabilities affect the processing of specially crafted network packets and could be exploited without user interaction. Successful exploitation could result in complete system compromise.

Authentication Bypass

Vulnerabilities in Windows authentication mechanisms could allow attackers to bypass authentication requirements and gain unauthorized access to system resources. These issues affect both local and network authentication scenarios and could be exploited to access sensitive data or system functions.

Information Disclosure

Several vulnerabilities could allow unauthorized disclosure of sensitive system information, including memory contents, system configuration details, and user data. While these vulnerabilities may not directly compromise system integrity, they could provide attackers with information useful for further attacks.

Denial of Service

Multiple vulnerabilities could be exploited to cause system crashes or unresponsive conditions, potentially disrupting business operations or system availability.

Affected Systems

This update applies to the following operating systems and editions:

Operating SystemArchitectureBuild NumberStatus
Windows 10 Version 160732-bit (x86)14393.8957Supported
Windows 10 Version 160764-bit (x64)14393.8957Supported
Windows Server 201664-bit (x64)14393.8957Supported
Windows Server 2016 (Server Core)64-bit (x64)14393.8957Supported
Note: Windows 10 Version 1607 reached end of service for Home and Pro editions in April 2018. This update is primarily intended for Enterprise and Education editions that continue to receive extended support.

Installation Process

The installation process varies depending on the deployment method chosen:

Automatic Installation via Windows Update

For most users, KB5078938 will be automatically downloaded and installed through Windows Update. The process includes:

  1. Automatic detection of update availability
  2. Background download of update packages
  3. Installation during next maintenance window or manual restart
  4. System restart to complete installation
  5. Post-installation configuration and optimization

Manual Installation

Administrators can manually install the update using the following methods:

  • Windows Update Settings: Navigate to Settings > Update & Security > Windows Update and select "Check for updates"
  • Microsoft Update Catalog: Download the appropriate package and install using wusa.exe or Windows Update Standalone Installer
  • Command Line: Use dism.exe or wusa.exe with appropriate parameters for silent installation

Enterprise Deployment

Enterprise environments can deploy this update through established update management systems:

  • WSUS: Approve the update for deployment to target computer groups
  • SCCM: Create software update deployments with appropriate scheduling and requirements
  • Group Policy: Configure automatic update policies to ensure timely deployment

Post-Installation Verification

After installation, verify the update was applied successfully:

Get-HotFix -Id KB5078938

Check the system build number:

Get-ComputerInfo | Select-Object WindowsVersion, WindowsBuildLabEx

The build number should show 14393.8957 after successful installation.

Security Recommendations

Microsoft recommends the following security best practices in conjunction with installing this update:

  • Ensure all systems receive regular security updates through automated update mechanisms
  • Implement defense-in-depth security strategies including network segmentation and access controls
  • Monitor systems for unusual activity that could indicate compromise
  • Maintain current antivirus and anti-malware solutions
  • Regularly review and update security policies and procedures
Important: While this update addresses known vulnerabilities, maintaining a comprehensive security posture requires ongoing attention to security best practices and timely application of future updates.

Frequently Asked Questions

What does KB5078938 resolve?
KB5078938 resolves multiple security vulnerabilities in Windows 10 Version 1607 and Windows Server 2016, including kernel privilege escalation, remote code execution in networking components, authentication bypass, information disclosure, and denial of service vulnerabilities. The update brings the OS build to 14393.8957.
Which systems require KB5078938?
KB5078938 applies to Windows 10 Version 1607 (32-bit and 64-bit systems), Windows Server 2016, and Windows Server 2016 Server Core installations. The update is primarily relevant for Enterprise and Education editions of Windows 10 Version 1607 that continue to receive extended support.
Is KB5078938 a security update?
Yes, KB5078938 is a critical security update that addresses multiple high-priority vulnerabilities. It includes fixes for privilege escalation, remote code execution, authentication bypass, information disclosure, and denial of service vulnerabilities that could be exploited by attackers to compromise system security.
What are the prerequisites for KB5078938?
KB5078938 has no specific prerequisite updates required. However, systems need approximately 1.2 GB of free disk space for installation, and a system restart is required to complete the update process. Installation typically takes 15-30 minutes depending on system configuration.
Are there known issues with KB5078938?
Known issues include potential installation failures with error 0x80070643 if insufficient disk space is available, temporary network connectivity issues after restart that typically resolve within 2-3 minutes, possible application compatibility issues with legacy software, and slight performance impact on systems with limited memory.

References (3)

1
March 10, 2026—KB5078938 (OS Build 14393.8957)Official Microsoft support article for KB5078938 with detailed information about the security updatehttps://support.microsoft.com/en-us/topic/march-10-2026-kb5078938-os-build-14393-8957-afab3f41-c79b-4800-9ac4-7df4a50aa1b2
2
Windows 10 Version 1607 Update HistoryComplete update history for Windows 10 Version 1607 including all security and quality updateshttps://support.microsoft.com/en-us/help/4000825
3
Windows Server 2016 Update HistoryUpdate history and support information for Windows Server 2016 systemshttps://support.microsoft.com/en-us/help/4000825
#kb5078938#windows-10#security-update

About the Author

Emanuel DE ALMEIDA

Emanuel DE ALMEIDA

Senior IT Journalist & Cloud Architect

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.

Discussion

Share your thoughts and insights

You must be logged in to comment.

Log in
Loading comments...

Related KB Articles

Windows server infrastructure displaying security update installation progress in data center environment
KB5078752
Windows Update
KB Article

KB5078752 — March 2026 Security Update for Windows 10 Version 1809 and Windows Server 2019

KB5078752 is a March 2026 security update that addresses multiple vulnerabilities in Windows 10 Version 1809 and Windows Server 2019, including fixes for Windows Kernel, Remote Desktop Services, and Windows Graphics components.

Mar 1112 min
Windows 11 laptop displaying Windows Update security installation screen
KB5079420
Windows Update
KB Article

KB5079420 — March 2026 Hotpatch Security Update for Windows 11

KB5079420 is a March 2026 hotpatch security update that addresses critical vulnerabilities in Windows 11 Version 24H2 and 25H2 systems, delivering security fixes without requiring a system restart.

Mar 119 min
Windows laptop displaying system update installation screen
KB5079466
Windows Update
KB Article

KB5079466 — March 2026 Cumulative Update for Windows 11 Version 26H1

KB5079466 is a March 2026 cumulative update that addresses security vulnerabilities and system stability issues in Windows 11 Version 26H1, updating systems to OS Build 28000.1719.

Mar 1112 min
Windows laptop displaying system update installation screen
KB5077181
Windows Update
KB Article

KB5077181 — February 2026 Cumulative Update for Windows 11

KB5077181 is a February 2026 cumulative update that delivers security fixes and quality improvements for Windows 11 Version 24H2 and 25H2, updating systems to builds 26100.7840 and 26200.7840 respectively.

Mar 1112 min