Windows 11 January Security Updates Trigger UNMOUNTABLE_BOOT_VOLUME Boot Failures
Microsoft is investigating and has acknowledged a limited issue where some Windows 11 devices fail to boot after installing the January 2026 Patch Tuesday security updates, presenting a BSOD/black crash screen with stop code UNMOUNTABLE_BOOT_VOLUME. Impacted systems can become stuck in a restart loop and are unable to start Windows without manual recovery efforts, with Microsoft collecting reports from users and enterprise administrators to determine scope and root cause.
Reporting indicates the problem affects physical devices (with no virtual machines reported as impacted so far) and is tied to specific Windows 11 builds and cumulative updates, including Windows 11 25H2 and Windows 11 24H2 after installing KB5074109. Microsoft has not yet confirmed the underlying cause or provided a universal remediation beyond recovery steps, and is requesting affected customers submit diagnostics via the Feedback Hub while it determines whether the behavior is a regression introduced by the update.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Microsoft ships emergency Outlook update for separate January issue
Microsoft released out-of-band emergency updates to fix a separate problem causing Outlook to freeze when PST files were stored in cloud services such as OneDrive or Dropbox. Reports noted that no equivalent fix was yet available for the Windows 11 unbootable-system issue.
Microsoft acknowledges and investigates the Windows 11 boot issue
Microsoft confirmed it was investigating reports that some physical Windows 11 devices fail to boot after the January 2026 update, while saying it had not seen the issue in virtual machines. The company asked impacted users and administrators to submit diagnostics through Feedback Hub as it worked to determine the root cause and scope.
Users report Windows 11 boot failures after installing KB5074109
After installing the January 2026 cumulative security update, some Windows 11 devices reportedly failed to boot and displayed an "UNMOUNTABLE_BOOT_VOLUME" blue screen error. Affected systems could not complete automatic restart and required manual recovery steps such as using the Windows Recovery Environment to remove the update.
Microsoft releases January 2026 Windows 11 security updates
Microsoft began rolling out the January 2026 Patch Tuesday security updates, including cumulative update KB5074109, starting on 2026-01-13. The update later became linked to boot failures on some Windows 11 24H2 and 25H2 systems.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Some PCs can't boot after latest Windows 11 security update, no fix in sight -mostly affects 24H2 and 25H2 versions | Tom's Hardware
tomshardware.com
Open sourceBoot Loop Nightmare: Microsoft Confirms Windows 11 January Update Causes System-Killing BSOD
securityonline.info
Open sourceMicrosoft investigates Windows 11 boot failures after January updates
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Windows 11 KB5077181 Patch Tuesday Update Triggers and Fixes Boot Failures
Microsoft’s February 2026 Windows 11 cumulative security update **KB5077181** (for versions **24H2** and **25H2**) was associated with significant boot reliability issues reported shortly after deployment, including systems entering **infinite restart loops** and failing to reach the desktop. Reports described login-time errors (including **System Event Notification Service (SENS)** procedure errors) and network symptoms such as **DHCP failures**, while Microsoft’s public release notes and health dashboard were reported as not listing known issues at the time. The update also shipped broad security remediation, with reporting citing **58 vulnerabilities** addressed and **six actively exploited zero-days** referenced via CISA’s **Known Exploited Vulnerabilities** catalog, including fixes for issues such as SmartScreen bypass (`CVE-2026-21510`), Desktop Window Manager EoP (`CVE-2026-21519`), Remote Desktop Services EoP (`CVE-2026-21533`), and a Notepad RCE via crafted Markdown (`CVE-2026-20841`). Separately, Microsoft stated that **KB5077181** fully resolved a specific Windows 11 boot failure condition affecting a limited set of **commercial physical devices** on **24H2/25H2** that could become unbootable (e.g., **"UNMOUNTABLE_BOOT_VOLUME"**) after installing **KB5074109** or later updates when a **December 2025** security update had previously failed and rolled back, leaving the OS in an “improper state.” Microsoft indicated an earlier mitigation shipped in the optional preview update **KB5074105** (Jan 29, 2026) to prevent additional devices from being impacted, and that the February Patch Tuesday release delivered the complete fix; the issue was not reported as affecting home users or virtual machines.
Mar 21, 2026
Microsoft Windows 11 Updates Trigger Boot Failures and Security-Driven Driver/Privilege Changes
Microsoft attributed **Windows 11 no-boot failures** seen after installing the January 2026 cumulative update `KB5074109` (Windows 11 **24H2/25H2**) to devices that had previously **failed to install the December 2025 security update** and were left in an “**improper state**” after rollback. Affected systems can crash on startup with a BSOD `UNMOUNTABLE_BOOT_VOLUME`; Microsoft said the issue appears limited to **physical devices** (no confirmed VM impact) and is working on a **partial mitigation** to prevent additional systems from entering a no-boot scenario, while continuing to investigate why some devices fail updates or end up unstable after rollback. Separately, Microsoft’s recent Windows 11 servicing and security work included **deliberately disabling legacy dial-up modem drivers** (e.g., `AGRSM64.SYS`/`AGRSM.SYS`, `SMSERL64.SYS`/`SMSERIAL.SYS`) due to reported vulnerabilities including **CVE-2023-31096** (EoP) and **CVE-2025-24052** (stack-based buffer overflow), which can present risk even if the modem hardware is unused—at the cost of breaking connectivity for niche systems relying on those drivers. Microsoft also patched **nine bypasses** reported by Google Project Zero that could undermine the new **Windows Administrator Protection** feature by enabling silent admin privilege gains via legacy Windows/UAC behaviors (including a token/Logon Sessions-related technique involving `NtQueryInformationToken` and DOS device object directory creation), ahead of broader availability beyond Insider builds.
Mar 21, 2026
Windows 11 KB5094126 Triggers Boot Failures, BitLocker Recovery, and Explorer Sync Breakage
Microsoft’s Windows 11 cumulative update `KB5094126` is causing serious post-installation failures on some systems after its release with roughly 200 security fixes, including 33 critical flaws and five zero-days. Users reported freezes shortly after boot, black screens, boot loops, BSODs, and repeated BitLocker recovery prompts, including on devices where BitLocker was believed to be disabled. Reports indicate the problems are hitting some HP models particularly hard, with Secure Boot certificate changes and interactions with BIOS/UEFI settings and undersized or crowded EFI partitions emerging as likely factors. The update is also disrupting enterprise and productivity workflows by breaking File Explorer integration for OneDrive and, in some cases, Dropbox and iCloud Drive, while some affected machines reportedly lose LAN access even though internet connectivity remains available. Administrators and users have resorted to Windows Recovery Environment to remove the patch, and some systems reportedly required full Windows reinstalls after recovery complications. A widely shared workaround has been to temporarily disable Secure Boot, complete boot and update recovery, then re-enable Secure Boot after updating BIOS/UEFI firmware, though Microsoft had not formally acknowledged the full scope of the issues in the update documentation at the time of reporting.
Jun 20, 2026