Microsoft has rolled out KB5095189, a new cumulative update targeting the Out-of-Box Experience (OOBE) for Windows 11, versions 24H2 and 25H2.
Released on June 23, 2026, this update refines the initial setup flow that users encounter when configuring a new or freshly reset Windows 11 device, rather than touching the core operating system components.
KB5095189 is scoped exclusively to the Windows OOBE process, the guided sequence users walk through during first-time device setup, including region selection, account configuration, and privacy settings.
Unlike standard cumulative updates that patch broader OS functionality, this update improves stability and reliability specifically during that onboarding sequence.
The update automatically downloads and installs during OOBE, provided the device has an active internet connection at setup time. Devices without connectivity during OOBE will not receive this patch through that channel.
Windows 11 OOBE Cumulative Update
This is a targeted, delivery-specific update. It doesn’t appear through Windows Update for already-provisioned systems in the traditional sense; instead, it’s fetched and applied during the OOBE stage itself.
This design lets Microsoft patch setup-related bugs, improve compatibility, or adjust onboarding logic without requiring a full servicing stack update on devices already in active use.
For enterprise IT teams managing device provisioning at scale, particularly through Autopilot or similar deployment pipelines, this matters because inconsistent internet availability during OOBE can cause devices to complete setup with the older KB5078674 baseline instead of KB5095189, potentially leading to configuration drift across a fleet of newly imaged machines.
Microsoft has published a CSV file detailing all files included in the KB5095189 package, accessible via Microsoft’s official download link. Security teams and system administrators verifying update integrity or auditing OOBE-related changes can cross-reference this file listing against endpoint telemetry.
Notably, Microsoft flags that the English (United States) release of this update may bundle files for additional language packs, which is standard practice for cumulative updates spanning multi-region deployments.
While OOBE updates aren’t traditionally viewed through a vulnerability-patching lens, they’re relevant to security operations for a few reasons. Onboarding flow bugs can occasionally introduce misconfigurations, incomplete privacy setting enforcement, or account provisioning issues that create downstream exposure.
Organizations with strict compliance requirements around device baseline configurations should confirm imaging processes pull KB5095189 rather than the deprecated KB5078674, especially for new device rollouts occurring after June 23, 2026.
No CVE identifiers or security advisories are associated with this release, indicating it’s a functional and reliability update rather than a security patch.
Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.
The post Microsoft Releases OOBE Cumulative Update for Windows 11, Versions 24H2 and 25H2 appeared first on Cyber Security News.



