Microsoft’s March 2026 Patch Tuesday update for Windows 11 delivers far more than routine security fixes. The cumulative update KB5079473 introduces several new system capabilities while also addressing critical vulnerabilities actively exploited in the wild.
Rolling out under build 26200.8037 for Windows 11 version 25H2 and build 26100.8037 for version 24H2, this mandatory update integrates tools that previously required optional preview builds or external downloads. In addition to improved security defenses, users gain several practical features for desktop customization, system monitoring, and network diagnostics.
Because this is a mandatory cumulative security update, Windows 11 automatically downloads and installs it through Windows Update during scheduled maintenance windows.
Quick Overview of KB5079473
| Category | Key Additions |
|---|---|
| System monitoring | Native integration of System Monitor (Sysmon) |
| Desktop customization | WebP images can now be used as wallpapers |
| Networking | Built-in internet speed test accessible from the taskbar |
| Interface updates | Emoji 16.0 support and improved search previews |
| Security | Fixes 58 vulnerabilities, including 6 actively exploited zero-days |
This update represents one of the more feature-rich Patch Tuesday releases, combining security improvements, usability upgrades, and advanced system tools.
Desktop and Interface Improvements
WebP Wallpaper Support
Desktop personalization receives a notable upgrade with native support for WebP image files.
Users can now set a .webp file as their desktop background directly from File Explorer or the Windows Personalization settings.
Previously, WebP images had to be converted into JPEG or PNG formats before they could be used as wallpapers. With this update, the process is seamless:
- Right-click a WebP image in File Explorer
- Select Set as desktop background
Alternatively, users can choose WebP images directly from Settings → Personalization → Background.
This change makes Windows more compatible with modern image formats that offer higher compression efficiency without sacrificing quality.
Built-In Internet Speed Test in the Taskbar
The update also introduces a quick internet speed test shortcut directly in the taskbar.
Users can launch the test by clicking the network icon in the system tray or by opening Quick Settings for Wi-Fi or Cellular connections.
Starting the test automatically opens the default browser to measure:
- Download speed
- Upload speed
- Connection latency
Although the measurement runs in the browser, the new shortcut eliminates the need to manually search for a speed testing site.
Emoji 16.0 Support
The Windows emoji panel has been updated to support the latest Unicode Emoji 16.0 standard.
The update introduces a new emoji symbol in each major category, expanding expression options across messaging, documents, and social platforms.
The emoji panel can be opened using the Windows + Period (.) shortcut.
Improved Search Preview in the Taskbar
Windows search functionality becomes more informative in this release.
When hovering over a search result in the taskbar search interface, users can now see preview content without opening the file or document.
Additionally, search results are now organized using group headers, displaying how many results exist within each category, such as:
- Files
- Apps
- Settings
- Web results
This improvement helps users locate information faster and navigate results more efficiently.
File Explorer Reliability Improvements
Microsoft has also refined several behaviors in File Explorer.
Key improvements include:
- Middle-clicking the taskbar icon now reliably opens a new File Explorer window
- Holding Shift while clicking the icon also opens a new instance instead of focusing the existing one
- A new Extract All option appears in the command bar when browsing non-ZIP archive folders
These small but meaningful tweaks improve productivity for users who frequently manage files and compressed archives.
Redesigned Widget Settings Interface
The configuration interface for Windows Widgets has been redesigned.
Instead of a small popup dialog, widget configuration now uses a full-page settings layout, making it easier to browse options and adjust widget preferences.
Native System Monitor (Sysmon) Integration
One of the most significant technical additions is the native integration of Sysmon into Windows 11.
Previously distributed as part of the Sysinternals Suite, Sysmon is widely used by IT professionals and cybersecurity analysts to monitor detailed system activity.
With KB5079473, Sysmon becomes an optional Windows feature that can be enabled directly through system tools.
What Sysmon Does
Sysmon records detailed system activity events, including:
- Process creation and termination
- Network connections
- File creation timestamps
- Driver loading events
- Registry modifications
These logs are stored in the Windows Event Log, allowing security teams to detect suspicious behavior or investigate incidents.
How to Enable Sysmon
To activate the built-in version:
Step 1: Open PowerShell or Command Prompt as Administrator.
Step 2: Enable the feature using the deployment command:
Dism /Online /Enable-Feature /FeatureName:Sysmon
Step 3: Initialize the monitoring service:
sysmon -i
Important: If the standalone Sysinternals version is already installed, it must be removed before enabling the integrated feature.
RSAT Support for Windows 11 Arm Devices
Enterprise administrators gain expanded capabilities with full Remote Server Administration Tools (RSAT) support for ARM64-based systems.
IT professionals using ARM devices can now install tools such as:
- Active Directory management utilities
- DNS and DHCP administration consoles
- Server Manager
These tools are available through Optional Features in Windows settings.
Expanded Recovery Capabilities
The update also enhances system recovery functionality.
Quick Machine Recovery Enabled by Default
Quick Machine Recovery (QMR) is now automatically enabled for unmanaged Windows 11 Pro devices.
This feature provides automated boot repair and recovery tools if Windows fails to start properly.
For enterprise and domain-joined systems, QMR remains disabled unless enabled through corporate policies.
Improved Windows Backup Restoration
The Windows Backup restore process has also been enhanced.
For environments using Microsoft Entra ID, the restore experience now activates automatically when users sign in to a new device.
This allows:
- Automatic restoration of user settings
- Reinstallation of Microsoft Store apps
- Faster device migrations and hardware upgrades
The feature is particularly beneficial for Cloud PCs, hybrid-joined systems, and multi-user environments.
Security Fixes: Six Actively Exploited Zero-Day Vulnerabilities
Security remains the primary reason for installing this update.
KB5079473 resolves 58 total security vulnerabilities, including six zero-day flaws that attackers are actively exploiting.
| CVE ID | Vulnerability Description |
|---|---|
| CVE-2026-21510 | Windows Shell vulnerability bypassing SmartScreen protections via malicious shortcuts |
| CVE-2026-21513 | Security bypass in the MSHTML framework exploited through network connections |
| CVE-2026-21514 | Microsoft Word vulnerability bypassing OLE protections in malicious documents |
| CVE-2026-21519 | Privilege escalation flaw in Desktop Window Manager granting SYSTEM-level access |
| CVE-2026-21525 | Denial-of-service vulnerability in Windows Remote Access Connection Manager |
| CVE-2026-21533 | Remote Desktop Services flaw enabling unauthorized addition to Administrators group |
Installing the update immediately protects systems from these active threats.
Additional Security Enhancements
Several other security improvements are included.
WDAC Policy Fix
The update corrects how Windows Defender Application Control processes COM object allowlists, preventing legitimate objects from being blocked when endpoint security policies take precedence.
Secure Boot Certificate Updates
Microsoft has also started deploying updated Secure Boot certificates.
Systems with stable update histories will receive the new certificates automatically, ensuring compatibility ahead of older certificate expirations.
Installation and Deployment Details
Because KB5079473 contains critical security patches, Windows 11 installs it automatically through Windows Update.
Once downloaded, the system will prompt the user to restart the PC to complete installation.
For enterprise administrators or offline systems, standalone installation packages are available via the Microsoft Update Catalog.
Package Sizes
- x64 systems: ~4.5 GB
- ARM64 systems: ~4.3 GB
The update also includes the latest Servicing Stack Update (SSU version 26100.8035) to ensure reliable installation of future Windows updates.
Final Thoughts
The March 2026 Patch Tuesday update for Windows 11 is one of the more comprehensive monthly releases in recent memory. Alongside essential security fixes, Microsoft is gradually integrating powerful tools and practical usability improvements directly into the operating system.
Native Sysmon integration, WebP wallpaper support, and the taskbar internet speed test highlight the company’s effort to make Windows both more powerful and easier to use. At the same time, the patch addresses multiple serious vulnerabilities actively exploited by attackers.
For both home users and enterprise environments, installing KB5079473 as soon as possible ensures the system remains secure while benefiting from the latest enhancements to the Windows 11 platform.
And if you'd like to go a step further in supporting us, you can treat us to a virtual coffee ☕️. Thank you for your support ❤️!
We do not support or promote any form of piracy, copyright infringement, or illegal use of software, video content, or digital resources.
Any mention of third-party sites, tools, or platforms is purely for informational purposes. It is the responsibility of each reader to comply with the laws in their country, as well as the terms of use of the services mentioned.
We strongly encourage the use of legal, open-source, or official solutions in a responsible manner.
Comments