

Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements.
The KB5089573 update is part of the company’s non-security preview schedule, designed to introduce new features and fixes at the end of each month, allowing IT admins and users to test them before rolling them out to the general user base during next month’s Patch Tuesday.
However, unlike regular Patch Tuesday cumulative updates, monthly preview updates are optional and do not include security updates.
With the May 2026 optional update, Microsoft is gradually rolling out general OS performance upgrades and several reliability improvements to Windows Hello.
“This update accelerates app launch and core shell experiences such as Start menu, Search, and Action Center,” Microsoft said in a Tuesday support document.
“This update improves sign‑in behavior on the lock screen and sign‑in screen. When Windows Hello face or fingerprint is set up and available, it is now the default sign-in method every time you sign in, even if you used a different method previously. If you need to use your Windows PIN instead and use it three times in a row, Windows will stay with PIN until you switch to another sign-in method.”
Additionally, KB5089573 improves Windows reliability in File Explorer, on the sign-in and lock screens, when changing themes in Settings, and when using touch gestures on touchscreen devices.
This preview update also improves performance when resuming from Modern Standby and reduces the number of unexpected blocks during Windows Hello Enhanced Sign‑in Security authentication.

You can install this update either by downloading it from the Microsoft Update Catalog or by opening Settings, clicking Windows Update, and then selecting “Check for Updates.”
Because this is an optional update, you will be asked whether you want to install it by clicking the “Download and install” link unless you have the “Get the latest updates as soon as they’re available” option enabled, which will prompt the OS to install it automatically.
Windows 11 KB5089573 highlights
Once installed, this optional non-security update will upgrade Windows 11 25H2 and 24H2 devices to builds 26200.8524 and 26100.8524, respectively.
The May 2026 preview update adds further improvements, with some of the more important ones highlighted below:
- Shared audio lets two people listen to the same audio simultaneously on a single Windows 11 PC.
- This update improves the CPU speed display on the Performance page of Task Manager for VMs, so it no longer shows higher-than-expected numbers after resuming from hibernation.
- [Sensors] This update improves resiliency against apps that could keep the sensor hub powered on and drain power, impacting battery life.
- [Human Interface Device (HID)] This update improves HID and Input stack battery life for failed HID devices. Power hygiene is also improved against applications that might initiate HID transfers during standby.
- With this update, Windows quality updates include additional high-confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after demonstrating sufficient successful update signals, maintaining a controlled and phased rollout.
Microsoft also reminded users that updated Secure Boot certificates are rolling out to replace the original 2011 certificates, which are set to expire in late June.
In January, Microsoft first revealed plans to refresh expiring Secure Boot certificates on eligible Windows 11 systems, after warning users and IT admins in November 2025 to update the security certificates before they expire.
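For admins testing the preview on a pilot group, the following added example (not from Microsoft or the original article) reports whether a device has reached the builds listed above and whether its Secure Boot signature database already carries a 2023 certificate. The function name is hypothetical, and the string `Windows UEFI CA 2023` is an assumption taken from Microsoft's Secure Boot guidance rather than from this article; run it from an elevated PowerShell session.

```powershell
# Added example: report KB5089573 build state and Secure Boot certificate state.
# Test-KB5089573State is a hypothetical helper name, not a built-in cmdlet.
function Test-KB5089573State {
    # Builds after KB5089573, as stated in the article (25H2 and 24H2).
    $expected = @{ '26200' = 8524; '26100' = 8524 }

    # CurrentBuild is the major build, UBR is the update build revision.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR

    # Secure Boot cmdlets fail on legacy BIOS systems or without elevation,
    # so unknown state is reported as $null instead of a misleading $false.
    $secureBoot = $null
    $has2023    = $null
    try {
        $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
        $db         = Get-SecureBootUEFI -Name db -ErrorAction Stop
        # Assumption: the replacement CA appears in db under this name.
        $has2023    = [Text.Encoding]::ASCII.GetString($db.Bytes) -match 'Windows UEFI CA 2023'
    } catch {
        Write-Verbose "Secure Boot state unavailable: $($_.Exception.Message)"
    }

    $inScope = $expected.ContainsKey($build)
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Build             = "$build.$ubr"
        InScope           = $inScope   # 24H2 or 25H2 device
        AtOrAbovePreview  = $inScope -and ($ubr -ge $expected[$build])
        HotFixListed      = [bool](Get-HotFix -Id 'KB5089573' -ErrorAction SilentlyContinue)
        SecureBootEnabled = $secureBoot
        Db2023CaPresent   = $has2023
    }
}

Test-KB5089573State | Format-List
```

A device that shows `AtOrAbovePreview` as true but `Db2023CaPresent` as false is consistent with the phased certificate rollout described above, since the update only widens eligibility and does not install the certificates immediately.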
Over the weekend, Microsoft also confirmed a known issue affecting Windows Server 2016 systems that causes domain controller lookup failures after installing the KB5087537 May 2026 security update.
