Windows 11 KB5083769: Everything New in the April 2026 Update

Tuesday, April 14, 2026

Windows 11 KB5083769: Everything New, Fixed, and Changed in the April 2026 Patch Tuesday Update

Microsoft released the April 2026 Patch Tuesday update for Windows 11 on April 14, 2026. The update carries the knowledge base number KB5083769 and applies to both Windows 11 version 24H2 and 25H2. After installing it, your build number will advance to 26100.8246 (24H2) or 26200.8246 (25H2). This is the fourth Patch Tuesday release of 2026, and unlike some months that lean heavily on security patches with little else, April's update brings a meaningful collection of new features, quality-of-life improvements, accessibility enhancements, display fixes, and a critically important Secure Boot certificate rollout that every Windows 11 user needs to be aware of.

 https://i.ytimg.com/vi/HufIFdXqgGs/hq720.jpg?sqp=-oaymwEhCK4FEIIDSFryq4qpAxMIARUAAAAAGAElAADIQj0AgKJD&rs=AOn4CLCJxCuTtyHwgdPapIdctKRRcQjFZA

Some features in this update are available immediately after installation. Others are being rolled out gradually through Microsoft's Controlled Feature Rollout (CFR) system — a staged A/B testing approach that delivers new capabilities to devices in waves rather than all at once. If you install KB5083769 and a specific feature described below does not appear right away, it may take days or weeks to reach your device through CFR. Here is the full breakdown of everything this update contains.

How to Get KB5083769

KB5083769 installs automatically through Windows Update for users on Windows 11 24H2 and 25H2 who have not paused updates. To install it manually, go to Settings → Windows Update → Check for updates. The update shows up in the queue as "2026-04 Security Update (KB5083769)." The download size through Windows Update is under 1GB for most systems. If you need to install it manually or offline, the full MSU files are available from the Microsoft Update Catalog — the x64 package runs around 5.1GB and the ARM64 version is under 4.5GB when downloaded as a standalone installer.

Windows 11 version 23H2 receives a separate update, KB5082052, which brings the same security fixes but does not include the new features covered here.

The Security Picture: 167 Flaws Patched, Two Zero-Days

The April 2026 Patch Tuesday is one of the larger security updates of the year so far. Microsoft has patched 167 vulnerabilities across Windows and related products in this cycle — up significantly from March's 79 and February's 58. Of those 167, two are zero-day vulnerabilities that were known or actively exploited before the patch was available. Eight vulnerabilities are rated Critical: seven involve remote code execution flaws and one is a denial-of-service vulnerability.

The April update also contains cumulative fixes from previous months, incorporating security and quality improvements from March's KB5079473 (March 10), the out-of-band KB5085516 (March 21), the preview KB5079391 (March 26), and the out-of-band KB5086672 (March 31). If you missed any of those interim updates, KB5083769 covers them all.

Microsoft also released companion .NET security updates alongside KB5083769: the .NET Framework Security Update (KB5082417), .NET 9.0.15 Security Update (KB5086097), and .NET 8.0.26 Security Update (KB5086096). These are important for any system running .NET-dependent applications and should be installed alongside the main cumulative update.

Critical Secure Boot Warning: Certificates Expire in June 2026

The most time-sensitive item in KB5083769 is not a bug fix or a new feature — it is the Secure Boot certificate update rollout that Microsoft is now accelerating with this patch. Secure Boot certificates used by the vast majority of Windows devices are set to expire starting in June 2026. If a device does not receive updated certificates before those expiry dates, it may lose the ability to boot securely, which in the worst case means the machine will not start at all after the old certificates are rejected.

KB5083769 takes two related actions here. First, it adds a new status indicator inside the Windows Security app (Settings → Privacy & Security → Windows Security) that shows the current state of your Secure Boot certificate update. You may see a badge or notification indicating whether your device's certificates have been successfully updated or still need attention. This visibility is disabled by default on commercial/enterprise devices but enabled on consumer systems. Second, the update improves the targeting data used to determine which devices automatically receive the new Secure Boot certificates, broadening coverage to more eligible devices.

Microsoft has also addressed a bug in this update where some devices were unexpectedly entering BitLocker Recovery after Secure Boot certificate changes — a disruptive problem that locked users out of their systems at startup. That issue is now fixed. If you have not yet verified that your device has a BitLocker recovery key backed up somewhere accessible, do that before installing any update that touches Secure Boot. The key is retrievable from your Microsoft account at account.microsoft.com/devices/recoverykey if it was saved there, or through your organization's Azure AD/Entra ID if it is a work machine.

New Feature: Narrator Image Descriptions for All Windows 11 PCs

One of the most meaningful accessibility improvements in this update is the expansion of Narrator's image description capability. Until April's update, Narrator's rich AI image descriptions were only available on Copilot+ PCs — systems with Qualcomm Snapdragon X, Intel Core Ultra 200V (Lunar Lake), or AMD Ryzen AI 300 series processors that include dedicated Neural Processing Units for on-device AI. On those machines, Narrator could describe images instantly using local AI processing without sending data to the cloud.

With KB5083769, Microsoft is bringing image description capability to all Windows 11 devices, including systems without NPUs, by routing descriptions through Copilot in the cloud. The shortcuts are:

  • Narrator key + Ctrl + D — describes the currently focused image
  • Narrator key + Ctrl + S — describes the entire screen

When you trigger either shortcut on a non-Copilot+ PC, Copilot opens with the image already loaded and ready for you to enter a prompt for a customized description. Microsoft is explicit that the image is only shared with Copilot after you actively choose to describe it — nothing is sent automatically. On Copilot+ PCs, the experience remains faster because the on-device path still delivers instant responses without the cloud round-trip. For users who rely on Narrator for accessibility, this is a significant expansion of a feature that was previously gated behind expensive hardware.

New Feature: Smart App Control Can Now Be Toggled Without a Reinstall

Smart App Control (SAC) is Windows 11's built-in application reputation system that blocks untrusted or potentially harmful apps from running. The feature works by checking applications against Microsoft's cloud-based safety reputation database before allowing them to execute. It is a useful layer of protection — but it had a critical usability problem. Once enabled, the only supported way to turn SAC off was to perform a clean reinstall of Windows. There was no toggle, no Settings option, no reversal path.

That restriction is gone with KB5083769. You can now turn Smart App Control on or off at any time by going to Settings → Windows Security → App & Browser Control → Smart App Control settings. No reinstall required. This change makes the feature genuinely practical for a much wider audience. Developers, IT professionals, and power users who need to run tools that SAC might flag — package managers, custom scripts, dev tools — no longer have to choose between having SAC enabled and being able to do their work. They can enable it for general use and disable it when needed, then re-enable it afterward.

Note that this feature is rolling out gradually through CFR, so it may not appear in your Settings immediately after installing the update. Microsoft first disclosed the planned change back in January 2026's preview update (KB5074105), and April is when it begins reaching devices.

New Feature: Microsoft 365 Subscription Management in Settings

For users on a Microsoft 365 Family subscription, KB5083769 adds the ability to upgrade to a different Microsoft 365 plan directly from Windows Settings under Settings → Accounts. Previously, attempting to change your Microsoft 365 subscription tier from within Windows Settings would redirect you to a browser and Microsoft's website. The entire transaction now stays within the operating system, which is a minor but welcome convenience. If you do not want to see this upgrade prompt, it can be disabled by turning off Suggested content in Settings.

Settings App Modernization: Dark Mode and Cleaner Layout

Microsoft continues its long-running effort to modernize the Settings app section by section, and April's update touches two notable areas. The dialog boxes under Settings → Accounts → Other users have been redesigned to match Windows 11's modern visual language and properly support dark mode. Before this update, those dialogs displayed using the legacy Windows UI style — a light-themed modal that ignored your system dark mode preference entirely. The inconsistency was particularly jarring on systems configured with a dark theme, where a blinding white dialog would appear in the middle of an otherwise dark interface. That is fixed.

The Settings About page (Settings → System → About) has also been improved with a more structured, cleaner layout. Device specifications are now presented in a more readable format, and navigation to related sections — such as Storage settings — is more direct. The device information card on the Settings Home page has been updated to match, displaying key specs more clearly and consistently. These are the kinds of incremental UI polish changes that collectively add up to a more coherent Settings experience over time.

Bug Fix: sfc /scannow Now Reports Accurately

A bug that has frustrated Windows administrators and power users is resolved in this update. The sfc /scannow command — the System File Checker tool used to scan for and repair corrupted Windows system files — was previously returning false positive error reports. The tool would indicate that it had found and fixed integrity violations even on healthy systems where no actual corruption existed. This made it difficult to trust the output of the scan when genuinely trying to diagnose a problematic Windows installation.

After installing KB5083769, sfc /scannow accurately reports the true status of your system files — reporting clean when the files are clean and flagging actual issues only when they exist. For IT administrators who use sfc as part of their troubleshooting workflow, this is a reliability fix that restores confidence in the tool's output.

Bug Fix: Reset This PC No Longer Fails After March's Hotpatch

The March 2026 Hotpatch security update (KB5079420) introduced a bug that caused the Reset this PC feature to fail in certain scenarios. Users who attempted to reset their Windows 11 installation using either the "Keep my files" or "Remove everything" options would encounter an error and the reset would not complete. This was a significant issue for users who needed to perform a clean reset — whether troubleshooting a broken installation, preparing to sell or repurpose a device, or recovering from a software problem.

KB5083769 addresses this bug directly. The fix applies to both reset modes ("Keep my files" and "Remove everything"), and after installing the April update, Reset this PC should function reliably again.

Display and Hardware Improvements

April's update includes several display-related reliability improvements that cover niche but meaningful scenarios for specific hardware configurations.

Monitors can now report refresh rates higher than 1000 Hz to Windows, which was previously not supported. While most monitors operate well below this threshold, the high-refresh-rate gaming monitor market is pushing toward and in some cases exceeding 1000 Hz, and Windows needed to support that range for driver and OS-level reporting to work correctly.

For laptop users with USB4 displays, the USB controller can now enter its lowest power state while the PC is sleeping. Previously, a USB4 monitor connection would prevent the USB controller from reaching its deepest sleep state, resulting in measurably higher battery drain during sleep. This fix is specifically relevant for users who leave a laptop connected to a USB4 external display overnight or during meetings.

Auto-rotation reliability has also been improved after resuming from sleep — addressing a bug where a device would resume from sleep with its display orientation stuck in the previous state rather than correctly detecting the current physical orientation.

File Explorer: Easier Unblocking of Downloaded Files

When you download a file from the internet, Windows marks it with a "Zone Identifier" tag — commonly referred to as the Mark of the Web — that designates it as coming from an untrusted source. Many file types are blocked by default until you explicitly unblock them, either by right-clicking and selecting Properties, then clicking "Unblock," or using PowerShell. The preview pane in File Explorer would also decline to show previews of blocked files.

KB5083769 improves the reliability of unblocking downloaded files for preview in File Explorer. The change addresses scenarios where the unblock process would silently fail or require multiple attempts to work correctly. For users who regularly work with downloaded files — especially installers, scripts, or documents from external sources — this is a usability improvement that reduces friction in the file handling workflow.

File Explorer's Advanced Security Settings window for folders has also been updated to allow sorting of permissions entries by Principal. For administrators managing folder permissions, this makes it easier to audit and organize access control entries without having to scroll through an unsorted list.

Wi-Fi 8 Groundwork and Networking

As noted in the Linux 7.0 kernel release coverage, Wi-Fi 8 (802.11bn, also called Ultra High Reliability or UHR) is not yet shipping in commercial hardware. However, both the Linux kernel and Windows 11 are beginning to lay the groundwork for the standard's eventual arrival. KB5083769 includes initial Wi-Fi 8 UHR support in the networking stack, ensuring that when Wi-Fi 8 adapters do reach the market, Windows 11 will be ready to support them from day one without requiring a major update.

What Versions of Windows 11 Does KB5083769 Apply To?

KB5083769 applies to Windows 11 versions 24H2 and 25H2 only. The two versions receive identical feature content from this update — there are no exclusive additions for one version versus the other. Version 23H2 receives a separate security update (KB5082052) that carries the same security patches but does not include the new features described in this article. Users on 23H2 who want the accessibility improvements, Smart App Control toggle, and other quality-of-life additions will need to upgrade to 24H2 or 25H2.

To check which version of Windows 11 you are running, go to Settings → System → About and look at the Windows specifications section. If your "Version" shows 24H2 or 25H2, KB5083769 applies to you.

Should You Install KB5083769?

Yes, and there is more urgency than usual for this specific update. The Secure Boot certificate expiry timeline means that delaying updates into late spring 2026 carries real risk for devices that have not yet received the certificate renewal. KB5083769 advances that rollout and adds the Windows Security visibility to confirm your device's status. Beyond the Secure Boot imperative, the 167 security fixes — including two zero-days — make this a mandatory patch from a standard security hygiene perspective.

The feature additions are a bonus on top of the security obligations. The Smart App Control toggle removes a longstanding frustration, the Narrator image description expansion meaningfully improves accessibility for a much wider user base, and the sfc and Reset this PC bug fixes restore reliability to tools that should work correctly by default. Install it through Windows Update, verify your Secure Boot certificate status in the Windows Security app, and confirm your BitLocker recovery key is accessible if you use drive encryption.

Want more Windows 11 update coverage, security patch analysis, and how-to guides? Browse our other posts for the latest on Windows, hardware, and PC software.