KB5072033 is the December 9, 2025 cumulative update for Windows 11 versions 24H2 and 25H2. It is a Patch Tuesday security update, but it also rolls in a long list of feature tweaks and fixes that were tested in the earlier December preview build.
Once installed, the OS build numbers move to 26100.7462 on Windows 11 24H2 and 26200.7462 on Windows 11 25H2. On both, you get identical fixes and features.
What KB5072033 includes (high‑level)
KB5072033 does three broad things:
- Applies December 2025 security fixes, including changes in PowerShell 5.1 and the Windows servicing stack.
- Brings over non‑security changes that were previously delivered as the December 1 optional preview (KB5070311).
- Updates AI component packages that ship with Copilot+ PC features, without changing behavior on non‑Copilot+ hardware.
The update also continues Microsoft’s newer, simplified naming for monthly patches, so you’ll see it listed as “2025‑12 Security Update (KB5072033)” in Windows Update.
Visual and UX changes in KB5072033
File Explorer dark mode dialogs
One of the most visible changes is that File Explorer’s operation dialogs now properly respect dark mode. When Windows is set to use a dark theme, the following now render with a dark background and updated color accents instead of the old light UI:
- Copy, move, and delete confirmation dialogs.
- File transfer progress windows, including progress bars and chart views.
- Confirmation and conflict dialogs (skip, overwrite, file selection), along with common error dialogs.
KB5072033 also fixes a regression where File Explorer could briefly flash white while you navigated between pages or tabs after installing the December preview build. Microsoft still describes this as a “known issue” being actively worked on, but the production patch reduces white flashes for many users.
Start menu and search alignment
On systems that already have the new Start menu layout, Windows Search now matches the Start menu’s height. Previously, Search opened in a shorter panel, which left an awkward visual jump as you moved between the two. The alignment is purely cosmetic but makes the shell feel more consistent.
Note: the redesigned Start menu and this new Search panel sizing are still rolling out in stages, so some systems on 24H2/25H2 with KB5072033 will not see the new layouts yet.
Advanced Settings and Virtual Workspaces
Settings gains a more capable “Advanced” section (replacing the older “For developers” entry) that centralizes controls for virtualized environments under a new “Virtual Workspaces” area. From here you can toggle:
- Containers for container workloads such as Docker.
- Guarded Host to support shielded, tamper‑resistant virtual machines.
- Virtual Machine Platform, which underpins features like WSL2.
- Windows Hypervisor Platform for third‑party hypervisors and emulators.
- Windows Sandbox, which previously lived only in optional features and Control Panel.
The goal is to make it easier to discover and manage virtualization‑related capabilities without hunting through legacy panels.
Settings, widgets, and small shell improvements
Several other UX areas get incremental updates:
- Keyboard behavior for character repeat delay/rate and cursor blink rate moves from Control Panel into Settings under Accessibility. Functionality remains the same but lives where newer Windows users expect it.
- Settings layout is reworked so that device details and related options (including storage) are grouped more logically on their respective pages.
- Widgets gain a default dashboard selector and numerical badges on dashboard icons to reflect the count of new alerts. Badges clear automatically when you leave a dashboard.
- Taskbar app groups now animate more smoothly when you hover and move between previews, giving a clearer sense of which window you’re about to select.
- Game Pass branding references in Settings are updated to match Microsoft’s current naming and benefits.
- OneDrive now surfaces a refreshed icon and entry point on the Settings > Accounts homepage.
Quick Machine Recovery also gains a one‑time scan behavior on PCs with that option enabled, guiding you to appropriate recovery options if no automatic fix is immediately available.
File sharing, mobile devices, and Copilot integration
Drag tray and Windows Share
Windows Share’s “drag tray” gets more useful in this release. Dragging files to the top area of the screen now supports:
- Multi‑file sharing, not just a single file.
- More relevant target apps and easier moving of files into chosen folders.
- Sharing OneDrive files through other apps using the “Copy link” flow, as long as you are signed into a Microsoft account.
The drag tray can be toggled on or off in Settings > System > Nearby sharing.
Mobile device integration
A new “Mobile Devices” page under Settings > Bluetooth & Devices lets you add and manage phones more centrally. From there you can control features such as using the device as a connected camera or accessing phone files in File Explorer. This doesn’t replace the Phone Link app, but it surfaces key hooks inside core Settings.
Copilot on the taskbar
Copilot continues its push deeper into the desktop. KB5072033 adds the ability to share an individual window directly with Copilot from the taskbar:
- Hover over an open app’s taskbar icon.
- Use the new Share with Copilot option to send that window’s content into a Copilot conversation.
Copilot Vision then analyzes whatever is visible in that window and responds based on the content. The flow mirrors how window sharing works with Microsoft Teams.
Gaming and display fixes in KB5072033
Full screen experience on Windows handhelds
Windows 11’s full screen experience (FSE) for handheld PCs expands beyond the initial ASUS ROG Ally models to more handheld devices. FSE provides a console‑like home screen built around the Xbox app, hides desktop elements, and minimizes background tasks to keep more resources pointed at games.
On supported handhelds you can enable it under Settings > Gaming > Full screen experience and set Xbox as the home app. It can be launched from Task View or Game Bar, or configured to start automatically when the device boots.
On traditional laptops and desktops, FSE is still being staged and may not appear until later in 2026.
Graphics and high‑refresh displays
Display and graphics handling sees subtle but important work:
- App queries for full monitor mode lists are optimized to avoid the short stutters some users saw on very high‑resolution or high‑refresh displays.
- A bug that caused brightness settings not to “stick” in some scenarios is addressed.
Microsoft has also shipped fixes in this and the preceding preview update for issues where some GPUs were mistakenly reported as “unsupported.” While driver‑level problems still exist on some AMD Radeon configurations, KB5072033 is part of the broader effort to stabilize modern GPUs and reduce timeouts and “GPU hung” or “driver removed” errors in certain games when used with current Radeon Adrenalin drivers.
Input and hardware tweaks
Beyond graphics, the update includes smaller quality‑of‑life adjustments:
- Haptic pens can now provide tactile feedback when you hover over UI elements like close buttons or when snapping and resizing windows.
- Keyboard backlight control on supported HID‑compliant keyboards is tuned for clearer key visibility in low light and more efficient power usage.
- Keyboard backlight bugs on certain models that failed to behave as expected after wake or reboot are corrected.
Security changes and servicing stack update
PowerShell 5.1 Invoke‑WebRequest warning
KB5072033 introduces a security‑focused change in Windows PowerShell 5.1. The Invoke-WebRequest cmdlet now shows a confirmation prompt warning about script execution risk when you run web content. You can choose to continue or cancel the call.
This mitigation is tied to vulnerability CVE-2025-54100 and the dedicated PowerShell documentation under “PowerShell 5.1: Preventing script execution from web content.” It is aimed squarely at reducing the risk of unintentionally running dangerous scripts fetched from external URLs.
Servicing stack update KB5071142
Alongside the main cumulative update, Windows 11 24H2/25H2 receives servicing stack update KB5071142, bringing the servicing stack to version 26100.7295. The servicing stack is the component that installs Windows updates; keeping it up to date reduces the chance of future updates failing or partially installing.
You do not manage the servicing stack separately. On supported systems, the SSU is bundled with the cumulative update and installed as part of the same operation. Once installed, it cannot be removed independently.
AI component payloads and update size
KB5072033 includes updated AI component packages such as Image Search, Content Extraction, Semantic Analysis, and Settings Model, all at version 1.2511.1224.0. These apply only to Copilot+ PCs that meet the hardware requirements for advanced on‑device AI features.
On regular PCs and on Windows Server 2025, the AI components are present in the update payload but do not install. Their inclusion is one reason the Microsoft Update Catalog packages are large—around 4.2 GB for x64 Windows 11 builds and roughly 3.9 GB for ARM64 builds.
Known issue: missing password icon on the lock screen
KB5072033 inherits a known issue introduced in the August 29, 2025 non‑security preview (KB5064081) and later builds: the password icon can disappear from the lock screen sign‑in options.
Functionally, the password method is still there, but the icon is invisible. If you hover where the icon should be, the clickable area remains and will open the password text box. After entering your password, you can sign in normally.
This primarily affects enterprise or managed environments; Home and Pro devices used personally are unlikely to be hit.
Mitigating the lock screen password icon bug (IT admins)
Microsoft is using Known Issue Rollback (KIR) to mitigate this, and provides a special Group Policy package so IT departments can force the rollback on affected fleets.
Step 1: Download the KIR Group Policy MSI that matches your OS version from Microsoft’s download page for “Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5072033 Known Issue Rollback.”
Step 2: Install the MSI on a management workstation or domain controller. This adds a new Administrative Template entry under Computer Configuration > Administrative Templates with a name specific to the KB5072033 rollback.
Step 3: Create or edit a Group Policy Object that targets the affected devices, and enable the new rollback policy setting under that path.
Step 4: Force a Group Policy update on client machines (for example using gpupdate /force) or wait for the normal refresh interval, then restart the devices so the rollback applies.
Enabling the KIR policy temporarily disables the underlying change that caused the icon to disappear. Microsoft plans a permanent fix in a future cumulative update.
How to install KB5072033 on Windows 11
Install via Windows Update (recommended)
For most users and organizations using Windows Update for Business, KB5072033 arrives automatically.
Step 1: Open Settings from the Start menu.
Step 2: Go to Windows Update and select Check for updates. Windows should detect “2025‑12 Security Update (KB5072033)” for Windows 11 24H2 or 25H2.
Step 3: Allow the update to download and install. A restart will be required to complete the process.
On managed devices, installation behavior follows your existing Windows Update for Business or WSUS policies.
Install KB5072033 manually with Microsoft Update Catalog
For offline machines or tightly controlled environments, the update can be installed using standalone MSU packages from Microsoft Update Catalog.
Step 1: Visit the Microsoft Update Catalog search page and search for KB5072033 at https://www.catalog.update.microsoft.com/Search.aspx?q=KB5072033.
Step 2: Choose the package that matches your OS version and architecture. For Windows 11 you’ll see separate entries for 24H2/25H2 x64, 24H2/25H2 ARM64, and Microsoft Server operating system version 24H2.
Step 3: Download the relevant .msu file(s). For 24H2/25H2 x64 Windows 11 clients, the main file is around 4.3 GB.
Step 4: Install using one of these methods:
- Double‑click the MSU file to run Windows Update Standalone Installer.
- From an elevated Command Prompt on a running system, run:
DISM /Online /Add-Package /PackagePath:C:\Packages\Windows11.0-KB5072033-x64.msu - From an elevated PowerShell prompt, run:
Add-WindowsPackage -Online -PackagePath "C:\Packages\Windows11.0-KB5072033-x64.msu"
When servicing offline images, use the DISM /Image path parameter instead of /Online, and point /PackagePath at the MSU stored alongside the image.
Microsoft also supports a “Method 2” flow where you install prerequisite MSU files individually in a defined order. For KB5072033, that sequence is:
| Order | File name | Purpose |
|---|---|---|
| 1 | windows11.0-kb5043080-x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu |
Earlier baseline required for this branch |
| 2 | windows11.0-kb5072033-x64_199ed7806a74fe78e3b0ef4f2073760000f71972.msu |
December 9, 2025 cumulative update |
Using the DISM /Add-Package command with a folder path containing all of the relevant MSUs allows DISM to resolve ordering automatically.
Uninstall options for KB5072033
Because the servicing stack update is combined with the latest cumulative update, the standard wusa.exe /uninstall method cannot remove the entire package.
Step 1: Open an elevated Command Prompt.
Step 2: Run DISM /Online /Get-Packages and locate the entry corresponding to the KB5072033 LCU.
Step 3: Use DISM /Online /Remove-Package /PackageName:PACKAGENAME, substituting the exact package name string you identified.
The servicing stack portion of the combined update is permanent, so only the LCU payload is removed.
With KB5072033, Windows 11 24H2 and 25H2 close out 2025 with a mix of security hardening, cosmetic clean‑up, and targeted fixes for gamers and power users. Optional non‑security preview updates will pause for the rest of December and resume in January 2026, but this Patch Tuesday release will remain the baseline for supported devices through the holiday period.
