Microsoft released cumulative update KB5089549 for Windows 11, versions 24H2 / 25H2 as part of the May 2026 Patch Tuesday. The cumulative update package KB5065426 (Build 26200.8457 / 26100.8457) is intended for Windows 11, version 25H2 (Windows 11 2025 Update) on x64 (amd64) and ARM64 processors.
The update includes various security improvements for internal OS features from May 2026, and also includes all fixes and changes from the KB5083631 (Build 26200.8328) Preview update for Windows 11, version 25H2.
- Xbox Mode for laptops, desktops, and tablets. The update brings a special gaming mode that optimizes system resource allocation for smoother gameplay on any device type.
- Support for uu, cpio, xar, and NuGet (nupkg) archives in File Explorer. The built-in file manager can now open and extract these formats without installing third-party software.
- Haptic feedback for compatible pens and mice. When interacting with interface elements or in supported applications, the user will feel vibrations and tactile responses on the stylus or mouse.
- Redesigned voice input on the touch keyboard. The dictation interface has become more modern and convenient, with improved speech recognition visualization.
- New agent tracking mechanism on the taskbar. The taskbar now has the ability to host dynamic assistant agents; the first to use this mechanism is Researcher in Microsoft 365 Copilot.
- Increased FAT32 formatting limit to 2 TB via command line. Using the format command, you can now create FAT32 partitions up to 2 terabytes instead of the previous 32 GB.
- Updated driver security policy. Trust revocation has been introduced for cross-signed drivers, enhancing protection against potentially malicious code installation.
- Protected batch file processing mode. Through the LockBatchFilesWhenInUse registry setting, you can block modifications to .bat and .cmd files while they are running, preventing command substitution attacks.
- Additional data for Secure Boot. As part of the Windows quality update, data has been added to precisely determine compatible devices, expanding the list of devices that automatically receive new Secure Boot certificates in stages only when previous updates succeed.
- Increased Boot Manager reliability. Starting boot files after updates has become more stable, and devices boot normally without entering BitLocker recovery mode.
Known issues: In May 2026, Microsoft fixed 120 security issues. Among the fixed bugs are issues with Kerberos authentication in Remote Desktop via Remote Credential Guard and the RDP security warning dialog when working with multiple monitors of different scaling.
Also fixed is a BitLocker bug that caused some devices to enter BitLocker recovery mode after updating boot files on systems with incorrect PCR7 configurations (this issue was observed after installing KB5083769 from April 2026).
Increased reliability of Simple Service Discovery Protocol (SSDP) notifications to prevent the service from becoming unresponsive.
If you have installed previous updates, only the new updates contained in this package will be downloaded and installed on your device. A computer restart is required to complete installation. After the update, the Windows 11 build number will change to 26200.8457.
Installation via Windows Update: cumulative update 5089549 for PCs installs automatically through Windows Update. To check, go to Settings > Windows Update and click Check for updates.
How the new features work:
Xbox Mode for laptops, desktops, and tablets. When activated, the system dynamically assigns CPU/GPU priorities: background processes (updates, services) receive reduced time quantization, while the game process gets high-priority queues. Additionally, the aggressiveness of PCIe power-saving mechanisms and interrupt timers is reduced.
Support for uu, cpio, xar, and NuGet (nupkg) archives in File Explorer. File Explorer now uses a universal archive parser based on the libarchive library. When opening .nupkg (essentially a ZIP with metadata) or .cpio, the shell mounts a virtual file system "on the fly" without extracting to disk.
Haptic feedback for compatible pens and mice. The input driver sends tactile commands to the device via the HID report Usage ID 0x0E (Haptic Intensity). The system generates short vibration pulses when crossing UI element boundaries, using piezo actuators with frequencies up to 200 Hz to simulate texture.
Redesigned voice input on the touch keyboard. The microphone stream is processed by a server-side speech model via the Windows.Media.SpeechRecognition API. The new visualization displays volume level, hypothesis confidence, and pauses in real time, while noise graphs are suppressed by a four-microphone source locator.
New agent tracking mechanism on the taskbar. The shell now includes a TaskbarAgentHost that registers dynamic progress bars and icons from AI services via the COM interface ITaskbarAgentController. Researcher in Copilot passes search state as a "live" tile with gesture support.
Increased FAT32 formatting limit to 2 TB via command line. The format /FS:FAT32 command now ignores the old BIOS INT 13h limitation. The new fat32ex.sys implementation allows the cluster map to address up to 2^28 sectors using 32-bit FAT table entries without CHS emulation.
Updated driver security policy. Certificates for cross-signing (SHA-1/Authenticode) issued before 2015 have been revoked. The ci.dll check now requires a valid Microsoft Windows Production PCA 2023 certificate to load any kernel driver; outdated signatures are blocked at the SeValidateImageHeader stage.
Protected batch file processing mode. The LockBatchFilesWhenInUse registry key, when set to 1, places an exclusive FILE_FLAG_DENY_WRITE lock on the .bat/.cmd handle. The cmd.exe process holds it until the batch file completes, preventing command injection via concurrent writes.
Additional data for Secure Boot. The update adds a list of compatible platforms (measured bootloaders, TPM versions) to the SecureBootVariable database. The system gradually distributes new certificates only to devices where the previous update (LCU) applied without errors with return code 0x0.
Increased Boot Manager reliability. The bootmgfw.efi update protocol has been changed: a shadow copy of BCD templates is now created before files are replaced. In case of failure, the bootloader automatically rolls back to the previous version, avoiding BitLocker configuration resets due to PCR7 mismatches.
Official announcement on the Microsoft website.
The last 10 Windows updates:
| Update | Build | Version | Windows | Channel | Date |
|---|---|---|---|---|---|
| KB5089570 | 28000.2173 | 26H1 | Windows 11 | Preview | 2026-05-14 |
| KB5089573 | 26200.8514 | 25H2 | Windows 11 | Preview | 2026-05-14 |
| KB5087420 | 22631.7079 | 23H2 | Windows 11 | Stable | 2026-05-12 |
| KB5089548 | 28000.2113 | 26H1 | Windows 11 | Stable | 2026-05-12 |
| KB5087544 | 19045.7291 | 22H2 (ESU) | Windows 10 | Stable | 2026-05-12 |
| KB5089549 | 26200.8457 | 24H2/25H2 | Windows 11 | Stable | 2026-05-12 |
| KB5089417 | 26220.8370 | 25H2 | Windows 11 | Beta | 2026-05-08 |
| KB5089414 | 26300.8376 | 25H2 | Windows 11 | Experimental | 2026-05-08 |
| KB5089416 | 28020.2075 | 26H1 | Windows 11 | Experimental | 2026-05-08 |
| KB5083810 | 26220.8340 | 25H2 | Windows 11 | Beta | 2026-05-01 |