Microsoft has released the KB5058379 cumulative update for Windows 10 22H2 and Windows 10 21H2, with four fixes and changes, including one for an SGRMBroker bug.
The Windows 10 KB5058379 update is mandatory as it contains Microsoft’s May 2025 Patch Tuesday security updates, which fix seven zero-day vulnerabilities.
Windows users can install this update by going into Settings, clicking on Windows Update, and manually performing a ‘Check for Updates.’
However, as this update is mandatory, it will automatically start installing in Windows once you check for updates. To make this more manageable, you can schedule a time when your computer is restarted to finish the installation.
After installing this update, Windows 10 22H2 will be updated to build 19045.5854 and Windows 10 21H2 will be build 19044.5854.
Windows 10 users can also manually download and install the KB5058379 update from the Microsoft Update Catalog.
What’s new in Windows 10 KB5058379
The KB5058379 update includes four changes and fixes in Windows 10, including a fix for the long-standing System Guard Runtime Monitor Broker error messages in Event Viewer.
The four changes and fixes are listed below:
-
[Graphics] Fix: The check for GPU paravirtualization was case-sensitive in Windows Subsystem for Linux 2 (WSL2). This issue might potentially cause GPU paravirtualization support to fail.
-
[OS Security] Updates to the Windows Kernel Vulnerable Driver Blocklist (DriverSiPolicy.p7b). Additions have been made to blocklist drivers with security vulnerabilities that have been used in Bring Your Own Vulnerable Driver (BYOVD) attacks.
-
[System Guard Runtime Monitor Broker service (Known issue)] Fixed: The Windows Event Viewer might display an error related to SgrmBroker.exe, on devices that have installed Windows updates released January 14, 2025, or later. This error can be found under Windows Logs > System as Event 7023, with text similar to ‘The System Guard Runtime Monitor Broker service terminated with the following error: %%3489660935’.
-
21H2 only – [Secure Boot Advanced Targeting (SBAT) and Linux Extensible Firmware Interface (EFI)] This update applies improvements to SBAT for the detection of Linux systems.
Microsoft says there is only one known issue, which has been a problem since the January 2025 updates.
Since then, Windows updates may fail if the Citrix Session Recording Agent (SRA) version 2411 is installed on the device.
“As a workaround, stop the Session Recording Monitoring service, install the Microsoft security update, and enable the Session Recording Monitoring service,” explains a Citrix support bulletin.
A complete list of fixes can be found in the KB5058379 support bulletin and last month’s KB5055612 preview update bulletin.
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.