Windows 10 Logo Image © MicrosoftWindows 10 Logo (Image © Microsoft)

The update introduces several changes to the search function of the file explorer. Tests show a reduction in response times when executing search queries. The update also improves the processing of queries on systems on which a language other than English is set as the default language. Microsoft has also adjusted the display of text to ensure a more consistent visual experience for tooltips, content views and search results.

Provision of secure boot certificates

A significant part of KB5094127 is dedicated to the introduction of secure boot certificates. This deployment is intended to ensure that the boot process remains secure, provided the hardware has a supported BIOS or UEFI version.

Users can now monitor the status of these certificates via the Windows Security app. In the “Device Security” section, administrators and users can view the status of their secure boot configuration:

  • A green status confirms that all certificates are up to date.
  • A yellow warning indicates that the system is not updated, which often requires a firmware update from the original equipment manufacturer (OEM).
  • A red indicator means that the bootloader can no longer be updated.

For corporate environments, Microsoft has added a new group policy called “LimitSecureBootRequiredServiceData”. This allows IT administrators to control the handling of secure boot certificates in more detail across an entire fleet of devices.

Installation data and known limitations

Internal tests have shown that the update process is relatively efficient: the download phase takes around five minutes and the installation is completed within two minutes.

In terms of stability, there are no new documented issues caused by this particular patch. However, Microsoft continues to point out a well-known issue related to BitLocker. Some users may be redirected to a recovery screen where a recovery key is requested. This particular bug is limited to enterprise configurations where the TPM platform validation profile has been manually enabled for the native UEFI firmware configuration policy, as it is disabled by default on standard installations.