NAVANEM
Security updateOS build 26100.7392, 26200.7392

KB5074204: Security Update for Windows PowerShell (OS Builds 26100.7392 and 26200.7392)

A security update for Windows PowerShell targeting hotpatch-enrolled devices running Windows 11 24H2 and 25H2, released December 9, 2025.

KB5074204: Security Update for Windows PowerShell (OS Builds 26100.7392 and 26200.7392) — navanem Microsoft KB cover
KB5074204 · Windows 11 · Security Update

Summary

KB5074204 is a security update for Windows PowerShell, covering OS Builds 26100.7392 and 26200.7392, released on December 9, 2025. It applies to Windows 11 Enterprise LTSC 2024, version 24H2, and version 25H2. This update is exclusive to devices enrolled in the hotpatch program. See Microsoft Support for the official page.

Improvements and fixes

  • PowerShell 5.1 - Invoke-WebRequest security prompt: The Invoke-WebRequest command now presents users with a confirmation prompt that includes a security warning about script execution risk when downloading web content. Users can choose to proceed with or cancel the request. This change addresses CVE-2025-54100 and is detailed further in KB5074596: PowerShell 5.1: Preventing script execution from web content.

Known issues

Microsoft lists no known issues for this update at the time of writing.

How to get this update

This update is available exclusively to devices enrolled in the hotpatch program. It can be obtained through the following channels:

  • Windows Update and Microsoft Update: The update downloads and installs automatically.
  • Windows Update Catalog: Available for manual download and deployment.
  • Server Update Services (WSUS): Available; refer to the Windows Update Catalog option for guidance.

Important: Your device may require a restart if a PowerShell session is active at the time the update is applied, even though hotpatch updates are generally designed to install without a restart. For full details on hotpatch updates and program enrollment, see the Hotpatch updates documentation.

Frequently asked questions

Does this update apply to all Windows 11 devices?

No. KB5074204 applies only to devices enrolled in the hotpatch program. The supported editions are Windows 11 Enterprise LTSC 2024, Windows 11 Enterprise and Education version 24H2, and Windows 11 Enterprise and Education version 25H2. Devices outside the hotpatch program will not receive this specific update package.

Will this update restart my device?

Hotpatch updates are designed to avoid mandatory restarts, but Microsoft notes that a restart may still be required if an active PowerShell session is running at the time of installation, independent of the hotpatch mechanism. Plan maintenance windows accordingly if PowerShell activity is expected on target systems.

What security vulnerability does this update address?

The update addresses CVE-2025-54100, a script execution risk associated with the PowerShell 5.1 Invoke-WebRequest command. The fix adds a confirmation prompt with a security warning so users can review and either approve or cancel a request before potentially unsafe web content is executed. Additional detail is in KB5074596.

Which architectures are covered by the updated files?

Microsoft ships updated files for both x64-based and ARM64-based versions of Windows. The primary files updated are Microsoft.PowerShell.Commands.Utility.dll and associated Microsoft.PowerShell.Commands.Utility.Resources.dll localization assemblies, all at file version 10.0.26100.7456, dated December 5, 2025.

#PowerShell#security-update#hotpatch#invoke-webrequest#windows-11-24h2#windows-11-25h2#cve-2025-54100

Related topics