Microsoft January 2026 Windows Updates Trigger Remote Desktop Credential Failures and Secure Launch Shutdown Bug
Microsoft’s January 2026 Windows security updates introduced regressions that disrupted enterprise endpoints, including Remote Desktop authentication failures affecting access to Azure Virtual Desktop and Windows 365. After installing KB5074109 on specific Windows client builds (noted as Builds 26200.7623 and 26100.7623), users reported repeated credential prompt/sign-in failures in the Windows App, preventing successful remote session establishment; Microsoft acknowledged the issue and issued an out-of-band update intended to restore normal Remote Desktop connectivity.
Separately, Microsoft confirmed another January patch-related issue on Windows 11 23H2 where some systems with Secure Launch enabled may fail to shut down, restart, or hibernate, leaving devices running and potentially draining batteries. As a workaround, Microsoft advised forcing shutdown via the command:
shutdown /s /t 0
Microsoft indicated a permanent fix would be delivered in a future update, but did not provide scope/impact metrics for affected devices.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Microsoft provides manual deployment and KIR mitigations for affected enterprises
Microsoft said the out-of-band fixes would not be delivered automatically through Windows Update and must be manually installed from the Microsoft Update Catalog. For organizations unable to deploy the emergency updates immediately, Microsoft also provided Known Issue Rollback packages via Group Policy to mitigate the remote desktop and Cloud PC connectivity issue.
Microsoft releases emergency fix KB5077744 for Remote Desktop sign-in failures
Microsoft issued a standalone out-of-band update, KB5077744, to remediate credential prompt loops and authentication failures in the Windows App that disrupted access to Azure Virtual Desktop and Windows 365 Cloud PCs after KB5074109. Microsoft told administrators to deploy the fix through the Update Catalog or enterprise management tools without uninstalling the January security update.
Microsoft releases OOB update KB5077797 for Windows 11 23H2
On January 17, Microsoft published an out-of-band update, KB5077797, to fix the Windows 11 23H2 shutdown/hibernate bug introduced by January Patch Tuesday. The same emergency update also addressed Remote Desktop credential prompt and sign-in failures affecting some remote connection scenarios.
Microsoft confirms Windows 11 23H2 shutdown and hibernation regression
Microsoft acknowledged that some Windows 11 23H2 devices, especially those with Secure Launch enabled, could fail to shut down, restart, or hibernate properly after the January updates. The company advised a command-line shutdown workaround while saying a future update would provide a fix.
Microsoft releases January 2026 Patch Tuesday security updates
Microsoft issued its January 2026 Patch Tuesday updates for supported Windows versions. After deployment, the updates were found to introduce regressions affecting shutdown/hibernate behavior on some Windows 11 23H2 systems and Remote Desktop-related sign-in flows.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Windows 11 shutdown bug forces Microsoft into damage control • The Register
go.theregister.com
Open sourceThe Patch After the Patch: Microsoft Issues Emergency Fix for Remote Desktop and Shutdown Bugs
securityonline.info
Open sourceMicrosoft releases OOB Windows updates to fix shutdown, Cloud PC bugs
bleepingcomputer.com
Open sourceMicrosoft January 2026 Security Update Causes Credential Prompt Failures in Remote Desktop Connections
cybersecuritynews.com
Open sourcePatch Tuesday update makes Windows PCs refuse to shut down • The Register
go.theregister.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Windows 11 January Security Update KB5074109 Triggers Widespread Stability and Remote Desktop Issues
Microsoft’s January 2026 Patch Tuesday release for Windows 11 (notably **KB5074109** for 24H2/25H2) delivered roughly 100+ security fixes (including reported **zero-days**) but also introduced significant reliability regressions. Reported impacts include **system lockups**, **black screens** on systems with Nvidia/AMD GPUs, graphics-related hangs in GPU/DirectX-intensive applications, and application failures such as **Outlook Classic** freezing or failing to launch; additional issues were reported with File Explorer behavior and cloud-backed storage workflows (e.g., OneDrive/Dropbox) causing apps to become unresponsive when saving or syncing data.
Mar 21, 2026
Microsoft Windows January Updates Trigger Shutdown/Reboot Bug on VSM-Enabled Systems
Microsoft confirmed a **known issue** introduced by January Windows updates that can prevent affected PCs from shutting down properly, sometimes causing an unexpected reboot when users attempt to shut down. The problem is tied to systems with **Virtual Secure Mode (VSM)** / **Virtualization-Based Security (VBS)** enabled, which uses hardware virtualization to create a protected “secure kernel” intended to isolate sensitive assets (e.g., credentials, cryptographic keys, and security tokens) and underpin features like **Credential Guard**, **Device Guard**, and **Hypervisor-Protected Code Integrity**. Microsoft reports the issue affects **Windows 10 22H2**, **Windows 10 Enterprise LTSC 2021**, and **Windows 10 Enterprise LTSC 2019** when VSM is enabled and the **KB5078131** or **KB5073724** updates are installed; it was previously observed on **Windows 11 23H2** systems with **KB5073455** and **System Guard Secure Launch** enabled. As a temporary workaround, Microsoft advises impacted users to shut down via command line using `shutdown /s /t 0` while a broader fix for VSM-enabled systems is developed (with out-of-band updates already issued for the Windows 11 variant).
Mar 21, 2026
Microsoft Windows Updates: MOTW Bypass Patch and Windows 11 Shutdown Regression
Microsoft issued security updates to remediate a Windows Remote Assistance protection-mechanism failure, **CVE-2026-20824**, that can allow attackers to **bypass Mark of the Web (MOTW)**—a key Windows control used to flag and apply additional restrictions to files originating from the internet. Reporting notes the issue is not “wormable” and requires local execution plus user interaction, but it can materially weaken common download-based defenses and be chained with other techniques to increase the likelihood of successful payload execution. Separately, Microsoft released an **out-of-band/emergency fix** after a Patch Tuesday update introduced a Windows 11 23H2 regression where some systems configured with **Secure Launch** restart instead of shutting down (and may also fail to hibernate). A documented workaround for affected endpoints is to invoke shutdown via Command Prompt using: ``` shutdown /s /t 0 ``` Other items in the set are not part of these Windows security/patch events: a PowerToys feature update, an iOS upgrade opinion piece, and a Windows 11 edition comparison.
Mar 21, 2026