Windows 10 KB5087544 May 2026 Patch Tuesday Update Fixes Remote Desktop Bugs

BitLocker recovery may appear in rare enterprise configurations



Microsoft has released a new Windows 10 KB5087544 update that fixes problems affecting Remote Desktop, Secure Boot reporting, and Daylight Saving Time handling for Egypt.

The update fixes Remote Desktop Connection bugs and more

One of the main fixes targets a Remote Desktop Connection bug introduced after the April 2026 security update KB5082200. Some users reported that security warning dialogs rendered incorrectly on systems using multiple monitors or mixed display scaling setups.

Microsoft also updated Windows Security with support for dynamic Secure Boot status reporting. At the same time, the company continues rolling out new Secure Boot certificates through a phased deployment strategy using what it calls “high confidence device targeting.”

The update also adds a Daylight Saving Time adjustment for Egypt to reflect government DST rule changes introduced in 2023.

The change ensures Windows 10 systems display correct local time information in affected regions.

Microsoft warns about BitLocker recovery issue

Microsoft says some systems could unexpectedly trigger the BitLocker recovery screen after installing the update.

The issue only affects systems meeting several very specific conditions. BitLocker must already protect the operating system drive, a TPM validation policy must be manually configured, PCR7 must be included manually, and the system must already use the Windows UEFI CA 2023 certificate without using the newer 2023-signed Windows Boot Manager.

According to Microsoft, the problem mainly affects enterprise-managed systems and remains unlikely on most home PCs.

Recovery prompt should only appear once

Microsoft says affected systems typically show the BitLocker recovery prompt only during the first reboot after the update installs.

Future restarts should work normally if administrators do not modify existing policies afterward.

The company recommends temporarily changing the “Configure TPM platform validation profile for native UEFI firmware configurations” Group Policy setting to “Not Configured” before installing the update.

Admins should then run gpupdate /force, temporarily suspend BitLocker protection using manage-bde -protectors -disable C:, and re-enable protection afterward with manage-bde -protectors -enable C:.

Microsoft says the update changes Secure Boot certificate handling and modifies parts of the boot manager trust chain.

BitLocker interprets those new boot measurements as a potential security-related boot change, which then triggers the recovery screen on affected devices.
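
As an added example (not Microsoft's tooling and not part of the original article), this PowerShell helper parses the text printed by manage-bde -protectors -get C: and reports whether PCR7 is in the TPM validation profile, which is one of the conditions listed earlier. The function name is hypothetical, the sample output is constructed, and English-locale output is assumed; the remaining conditions (manually configured policy, certificate and boot manager state) have to be confirmed separately.

```powershell
# Added example: pre-install triage helper, not Microsoft's tooling.
# Assumes English-locale manage-bde output; the function name is hypothetical.
function Get-PcrProfileFromManageBde {
    param([Parameter(Mandatory)][string]$Text)

    # The PCR list may follow the label on the same line or on the next one.
    $m = [regex]::Match($Text, 'PCR Validation Profile:\s*([\d,\s]+)')
    if (-not $m.Success) {
        # No TPM-based protector in the output, so there is no PCR binding to evaluate.
        return [pscustomobject]@{ HasTpmProtector = $false; Pcrs = @(); IncludesPcr7 = $false }
    }

    # Split the captured list on commas/whitespace and drop empty fragments.
    $pcrs = @($m.Groups[1].Value -split '[,\s]+' |
              Where-Object { $_ } |
              ForEach-Object { [int]$_ })

    [pscustomobject]@{
        HasTpmProtector = $true
        Pcrs            = $pcrs
        IncludesPcr7    = $pcrs -contains 7
    }
}

# Constructed sample output (placeholder ID) so the parser can be exercised offline.
$sample = @'
Volume C: [Windows]
All Key Protectors

    TPM:
      ID: {00000000-0000-0000-0000-000000000000}
      PCR Validation Profile:
        0, 2, 4, 7, 11
'@

$result = Get-PcrProfileFromManageBde -Text $sample
"PCRs: {0}; includes PCR7: {1}" -f ($result.Pcrs -join ','), $result.IncludesPcr7

# On a live system, from an elevated session, feed the real output instead:
# Get-PcrProfileFromManageBde -Text ((manage-bde -protectors -get C:) -join "`n")
```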

Windows 11 also received a new update, KB5089549.
