Microsoft’s February Patch Tuesday delivers two cumulative updates—KB5077181 for 25H2/24H2 and KB5075941 for 23H2—that bundle the latest security fixes, a new Cross‑Device Resume capability, and updated Secure Boot keys. Installing these updates now protects your Windows 11 machines from emerging threats and lets you continue apps across devices without missing a beat.
What’s Inside KB5077181?
KB5077181 targets the 25H2 and 24H2 channels (build 26200.7840 and 26100.7840). It combines recent security patches with a handful of functional tweaks that have been in the optional preview.
Key Additions
- Cross‑Device Resume – pick up a suspended app on another Windows 11 device while preserving its state.
- Secure Boot key updates – new firmware certificates are pushed to prevent boot failures when older keys expire.
- Smart App Control rule refresh – tighter heuristics block newly discovered malware families.
What’s Inside KB5075941?
KB5075941 is the back‑port for the 23H2 branch. It doesn’t introduce new features, but it carries the same security fixes and Secure Boot updates found in KB5077181, ensuring older builds stay protected.
Secure Boot Key Updates Explained
Microsoft flagged “Secure Boot rollout signals” as a core part of the February updates. Starting soon, a set of firmware certificates will expire, and devices that haven’t refreshed their keys could fail to boot or become vulnerable to low‑level attacks. The updates pre‑emptively install refreshed keys and verification data, giving you a safety window before the expiration.
Cross‑Device Resume Feature Overview
The new Cross‑Device Resume feature extends the “continue on PC” concept. When you suspend an app on one Windows 11 device, the OS records its state and makes it available on any other enrolled device. This works seamlessly for supported apps and requires no extra configuration.
Smart App Control Enhancements
Smart App Control receives a batch of rule updates that tighten its whitelist‑based blocking engine. While the changes run under the hood, they raise the bar against unsigned or suspicious executables. If you rely on legacy line‑of‑business apps, you may need to review the logs and whitelist any legitimate binaries that get flagged.
Deployment Guidance for IT Admins
For administrators, the rollout follows the usual testing‑staging‑deployment cycle. Here’s a quick checklist:
- Verify firmware compatibility on mixed‑generation hardware before the Secure Boot certificate expiration.
- Test Cross‑Device Resume on a pilot group to confirm app compatibility.
- Review Smart App Control logs after deployment and add necessary exceptions.
- Use Windows Update or the Microsoft Update Catalog for automated distribution; manual installs require administrator rights.
Next Steps for Users
If you’re on Windows 11 25H2 or 24H2, let the cumulative update install automatically—it’s the safest way to get both the security patches and the new Cross‑Device Resume feature. If you’re still on 23H2, schedule the KB5075941 rollout to keep your machines in lockstep with the latest mitigations. Finally, check your Secure Boot key status today; waiting until the certificates expire could leave you with an unexpected boot failure.
