Microsoft has begun rolling out the February 2026 security update for Windows 10 Extended Security Updates (ESU), labeled KB5075912. If your PC is running Windows 10 version 22H2 under ESU, this update moves your system to OS Build 19045.6937. For Windows 10 version 21H2, it updates the build to 19044.6937.
A key reason to install KB5075912 is a fix for an annoying (and potentially disruptive) power-related bug affecting certain security-focused PC configurations. Microsoft says some Secure Launch-capable devices with Virtual Secure Mode (VSM) enabled could run into a problem after installing Windows security updates released on or after January 13, 2026. Instead of shutting down or entering hibernation normally, impacted machines could unexpectedly restart. This update addresses that issue, restoring expected shutdown and sleep behavior for affected systems.
KB5075912 also signals an important security transition happening behind the scenes: a phased Secure Boot certificate rollout. According to Microsoft, Windows quality updates now include targeting data that helps determine whether a device is ready to receive new Secure Boot certificates. Rather than sending the certificates to every eligible device at once, Microsoft is using “sufficient successful update signals” to guide a gradual deployment. In practical terms, this means systems will receive the new certificates only after they’ve demonstrated they can successfully handle the required updates, helping reduce the risk of widespread compatibility problems.
Microsoft has described this Secure Boot certificate replacement as a coordinated effort involving both Windows servicing and PC maker firmware support. Devices that don’t receive the update immediately are expected to keep working, but Microsoft cautions they could end up in a “degraded security state” over time if the certificate updates are missed for too long. The company also emphasizes that unsupported Windows versions—including Windows 10—won’t receive the new Secure Boot certificates unless the device is enrolled in ESU. In some cases, a PC may also require an OEM firmware update before it can apply the certificate-related changes delivered through Windows Update.
For users looking to manually install the update, Microsoft provides standalone packages via the Microsoft Update Catalog, with KB5075912 entries dated February 10, 2026, including listings for Windows 10 22H2. As of the release notes for this update, Microsoft says it is not currently aware of any known issues.
If you rely on Windows 10 under ESU—especially on hardware using Secure Launch and VSM—KB5075912 is a particularly important February update, delivering both a direct usability fix and groundwork for ongoing Secure Boot security improvements.
