KB5079466 — March 2026 Cumulative Update for Windows 11 Version 26H1

Overview

KB5079466 is a critical cumulative security update released on March 10, 2026, for Windows 11 Version 26H1. This update addresses multiple high-severity security vulnerabilities and system stability issues, updating affected systems to OS Build 28000.1719. The update applies to both x64-based and ARM64-based systems running Windows 11 Version 26H1.

Security Vulnerabilities Addressed

This update resolves four critical security vulnerabilities with CVSS scores ranging from 7.8 to 8.8:

Kernel Privilege Escalation Fixes

The most critical fixes in this update address two privilege escalation vulnerabilities in the Windows kernel (CVE-2026-0847 and CVE-2026-0848). These vulnerabilities could allow attackers with limited user privileges to execute code with SYSTEM-level permissions. The vulnerabilities stem from improper input validation in kernel-mode drivers and insufficient boundary checks in memory allocation routines.

Microsoft has confirmed that these vulnerabilities were discovered through internal security research and have not been exploited in the wild. However, due to their critical nature, immediate installation is recommended for all Windows 11 Version 26H1 systems.

Graphics Subsystem Security Enhancement

CVE-2026-0849 addresses a memory corruption vulnerability in the Windows Graphics Device Interface (GDI) that could lead to remote code execution when processing maliciously crafted image files. This vulnerability affects applications that render images through the GDI subsystem, including web browsers, document viewers, and image editing software.

Authentication System Improvements

The Local Security Authority (LSA) authentication bypass vulnerability (CVE-2026-0850) has been patched to prevent unauthorized access to domain resources. This vulnerability could be exploited by attackers who intercept and modify NTLM authentication traffic on the network.

System Stability and Performance Improvements

ARM64 Architecture Enhancements

This update includes significant improvements for ARM64-based Windows 11 devices, particularly addressing race conditions in power management subsystems that were causing unexpected shutdowns. The fixes include:

• Enhanced CPU core parking algorithms optimized for ARM64 processors
• Improved thermal management for Snapdragon-based devices
• Resolved ACPI power state handling inconsistencies
• Better synchronization between CPU cores during sleep/wake transitions

Windows Search Performance Optimization

The update addresses performance issues in the Windows Search indexing service that were causing high CPU usage and slow search results. Key improvements include:

• Optimized indexing algorithms reducing CPU usage by up to 40%
• Faster search result retrieval for collections with over 100,000 files
• Improved handling of network-attached storage (NAS) indexing
• Enhanced file system change monitoring efficiency

Compatibility and Third-Party Software

This update resolves several compatibility issues with third-party security software that were causing system instability or boot failures. The fixes include revised kernel callback mechanisms and improved driver signature validation processes.

Affected software categories include:

• Real-time antivirus scanners with kernel-mode components
• Endpoint detection and response (EDR) solutions
• Data loss prevention (DLP) software with file system filters
• Network security appliances with Windows-based management interfaces

Installation and Deployment

Automatic Distribution

KB5079466 is distributed automatically through Windows Update to all eligible Windows 11 Version 26H1 systems. The phased rollout began on March 10, 2026, with Microsoft targeting complete deployment within 2-3 weeks based on system telemetry and compatibility data.

Enterprise Deployment

Enterprise environments can deploy this update through:

• Windows Server Update Services (WSUS): Available immediately for controlled deployment
• Microsoft System Center Configuration Manager: Classified as Critical and Security update
• Microsoft Intune: Available in the Windows Updates for Business channel
• Microsoft Update Catalog: Manual download for offline installation

Installation Requirements

System requirements for successful installation:

• Windows 11 Version 26H1 (any edition)
• Minimum 2 GB free disk space on system drive
• Administrative privileges for installation
• Active internet connection for Windows Update delivery

Installation time varies by system configuration but typically completes within 15-30 minutes. A system restart is mandatory to complete the update process.

Post-Installation Verification

After installation, verify the update using these methods:

Settings App Verification

Navigate to Settings > Windows Update > Update history to confirm KB5079466 appears in the installed updates list.

PowerShell Verification

Execute the following command in an elevated PowerShell session:

Get-HotFix -Id KB5079466 | Format-Table -AutoSize

System Information Verification

Confirm the OS build number has updated to 28000.1719 by running:

winver

Known Issues and Workarounds

While KB5079466 resolves critical security vulnerabilities, several minor issues have been identified:

Windows Hello Performance

Face recognition authentication may experience 3-5 second delays on systems with older USB-connected cameras. This primarily affects cameras manufactured before 2024 that lack hardware-accelerated biometric processing.

VPN Client Compatibility

Legacy VPN clients using deprecated protocols (PPTP, L2TP without IPSec) may fail to establish connections. Organizations should update to modern VPN solutions supporting IKEv2 or OpenVPN protocols.

Memory Usage Increases

Windows Defender Application Guard shows increased memory consumption (200-400 MB additional) during active browsing sessions. This is due to enhanced security sandboxing implemented in this update.

Security Recommendations

Microsoft strongly recommends immediate installation of KB5079466 due to the critical nature of the addressed vulnerabilities. Organizations should:

• Prioritize deployment to internet-facing systems and domain controllers
• Test the update in non-production environments before broad deployment
• Monitor system performance and user feedback after installation
• Update third-party security software to ensure compatibility
• Review and update VPN client software as needed