Windows 11 Reliability Backlash and KB5074105 Preview Update Fixes
Microsoft reported over 1 billion monthly active Windows 11 users, but user sentiment remains negative, with prominent complaints focused on buggy updates, perceived reliability regressions, and unwanted feature changes (including AI-related additions). Microsoft leadership publicly acknowledged the feedback and said the company will prioritize performance, reliability, and overall user experience improvements to rebuild trust.
Microsoft also released the KB5074105 optional non-security preview cumulative update for Windows 11 (24H2/25H2), positioned as an end-of-month quality update ahead of the next Patch Tuesday. KB5074105 includes dozens of changes and targets operational issues including boot problems (e.g., startup hangs when Windows Boot Manager debugging is enabled and iSCSI boot failures with Inaccessible Boot Device), sign-in issues (including Explorer.exe hanging on first login under certain startup-app configurations), and activation/license migration failures during upgrades when devices cannot register with the Windows Activation server; the update is available via Windows Update or manual download from the Microsoft Update Catalog.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Windows 11 surpasses 1 billion monthly active users
Microsoft reported that Windows 11 had exceeded 1 billion monthly active users, a milestone cited in coverage discussing the platform's growth after the end of Windows 10 support. The same reporting noted ongoing user dissatisfaction with reliability, monetization, and AI feature rollouts.
Microsoft announces separate Windows Server 2025 KB identifiers
Microsoft said that starting with the January 2026 security update, Windows Server 2025 would use separate KB identifiers and build numbers from Windows 11 to reduce administrative confusion. The company also said it was simplifying Windows update titles by removing unnecessary technical elements.
Microsoft expands Cross-Device Resume and Windows Hello ESS support
With KB5074105, Microsoft expanded Cross-Device Resume so users can continue activities from Android phones on PCs and extended Windows Hello Enhanced Sign-in Security to support peripheral fingerprint sensors.
KB5074105 fixes Windows 11 boot, sign-in, activation, and stability issues
The KB5074105 update addresses multiple Windows 11 problems, including sign-in, boot, activation, Windows Terminal elevation from non-admin accounts, dxgmms2.sys-related KERNEL_SECURITY_CHECK_FAILURE errors on some GPU configurations, and Windows Sandbox startup hangs with error 0x800705b4.
Microsoft releases Windows 11 KB5074105 preview update
Microsoft released the optional end-of-month non-security cumulative update KB5074105 for Windows 11. The update includes 32 quality changes and fixes and advances Windows 11 25H2 and 24H2 systems to builds 26200.7705 and 26100.7705, respectively.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Windows 11 25H2/24H2 Preview Updates Add AI Features and Flag Secure Boot Certificate Expiration
Microsoft began rolling out **Windows 11 preview updates** for versions **25H2 and 24H2** (including the optional non-security preview update `KB5074105` and Release Preview builds `26200.7701`/`26100.7701`) focused on functionality, performance, and reliability improvements rather than patching new security vulnerabilities. The updates emphasize expanded **AI-driven experiences** (including refinements to Copilot+ PC-related models and more natural-language assistance within Settings), along with usability changes and a simplified Windows update title format intended to reduce administrative friction in tools like **WSUS** and **Microsoft Configuration Manager**. Alongside these feature updates, Microsoft highlighted an operational security risk: **Windows Secure Boot certificates** used by most Windows devices are expected to begin expiring in **June 2026**, and organizations that do not update Certificate Authority (CA) material in time may face devices that cannot boot securely. Separately, consumer guidance circulated on bypassing Windows 11 hardware eligibility checks (notably **TPM 2.0** requirements) to upgrade “unsupported” PCs; while this may extend device usability after Windows 10 support ended, it can also undermine Microsoft’s intended security baseline and increase enterprise risk if adopted outside controlled policy.
Mar 21, 2026
Windows 11 KB5077181 Patch Tuesday Update Triggers and Fixes Boot Failures
Microsoft’s February 2026 Windows 11 cumulative security update **KB5077181** (for versions **24H2** and **25H2**) was associated with significant boot reliability issues reported shortly after deployment, including systems entering **infinite restart loops** and failing to reach the desktop. Reports described login-time errors (including **System Event Notification Service (SENS)** procedure errors) and network symptoms such as **DHCP failures**, while Microsoft’s public release notes and health dashboard were reported as not listing known issues at the time. The update also shipped broad security remediation, with reporting citing **58 vulnerabilities** addressed and **six actively exploited zero-days** referenced via CISA’s **Known Exploited Vulnerabilities** catalog, including fixes for issues such as SmartScreen bypass (`CVE-2026-21510`), Desktop Window Manager EoP (`CVE-2026-21519`), Remote Desktop Services EoP (`CVE-2026-21533`), and a Notepad RCE via crafted Markdown (`CVE-2026-20841`). Separately, Microsoft stated that **KB5077181** fully resolved a specific Windows 11 boot failure condition affecting a limited set of **commercial physical devices** on **24H2/25H2** that could become unbootable (e.g., **"UNMOUNTABLE_BOOT_VOLUME"**) after installing **KB5074109** or later updates when a **December 2025** security update had previously failed and rolled back, leaving the OS in an “improper state.” Microsoft indicated an earlier mitigation shipped in the optional preview update **KB5074105** (Jan 29, 2026) to prevent additional devices from being impacted, and that the February Patch Tuesday release delivered the complete fix; the issue was not reported as affecting home users or virtual machines.
Mar 21, 2026
Windows 11 January Security Update KB5074109 Triggers Widespread Stability and Remote Desktop Issues
Microsoft’s January 2026 Patch Tuesday release for Windows 11 (notably **KB5074109** for 24H2/25H2) delivered roughly 100+ security fixes (including reported **zero-days**) but also introduced significant reliability regressions. Reported impacts include **system lockups**, **black screens** on systems with Nvidia/AMD GPUs, graphics-related hangs in GPU/DirectX-intensive applications, and application failures such as **Outlook Classic** freezing or failing to launch; additional issues were reported with File Explorer behavior and cloud-backed storage workflows (e.g., OneDrive/Dropbox) causing apps to become unresponsive when saving or syncing data.
Mar 21, 2026