
Microsoft Windows January Updates Trigger Shutdown/Reboot Bug on VSM-Enabled Systems

Tags: shutdown bug, reboot loop, windows 11 23h2, windows 10 22h2, hypervisor-protected code integrity, known issue, system guard secure launch, windows 11, windows 10, windows, hardware virtualization, vbs, out-of-band update, vsm, device guard

Updated February 4, 2026 at 05:01 PM · 3 sources

Microsoft confirmed a known issue introduced by January Windows updates that can prevent affected PCs from shutting down properly, sometimes causing an unexpected reboot when users attempt to shut down. The problem is tied to systems with Virtual Secure Mode (VSM) / Virtualization-Based Security (VBS) enabled, which uses hardware virtualization to create a protected “secure kernel” intended to isolate sensitive assets (e.g., credentials, cryptographic keys, and security tokens) and underpin features like Credential Guard, Device Guard, and Hypervisor-Protected Code Integrity.

Microsoft reports the issue affects Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 Enterprise LTSC 2019 when VSM is enabled and the `KB5078131` or `KB5073724` updates are installed; it was previously observed on Windows 11 23H2 systems with `KB5073455` and System Guard Secure Launch enabled. As a temporary workaround, Microsoft advises impacted users to shut down via command line using `shutdown /s /t 0` while a broader fix for VSM-enabled systems is developed (with out-of-band updates already issued for the Windows 11 variant).
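
One way to check whether an endpoint matches the affected configuration described above. This is an added example, not code from Microsoft or from the original page; the function name is hypothetical, the KB numbers are the ones named on this page, and it assumes the `Win32_DeviceGuard` CIM class is present on the host.

```powershell
# Added example: report whether this host matches the affected configuration
# described on this page (VSM/VBS enabled plus one of the named January KBs).
# KB numbers come from the page; Test-ShutdownBugExposure is a hypothetical name.
function Test-ShutdownBugExposure {
    [CmdletBinding()]
    param(
        [string[]]$Win10Kbs = @('KB5078131', 'KB5073724'),
        [string[]]$Win11Kbs = @('KB5073455')
    )

    # Installed updates as reported through Win32_QuickFixEngineering.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty HotFixID)

    # Device Guard / VBS state; the class can be absent on SKUs without VBS support.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
    $vbsStatus = if ($dg) { [int]$dg.VirtualizationBasedSecurityStatus } else { 0 }
    $vbsOn     = $vbsStatus -ge 1
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI, 3 = System Guard Secure Launch
    $secureLaunch = [bool]($dg -and ($dg.SecurityServicesRunning -contains 3))

    $hit10 = @($Win10Kbs | Where-Object { $installed -contains $_ })
    $hit11 = @($Win11Kbs | Where-Object { $installed -contains $_ })

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OSCaption      = (Get-CimInstance Win32_OperatingSystem).Caption
        VbsStatus      = $vbsStatus
        SecureLaunch   = $secureLaunch
        MatchedKbs     = @($hit10 + $hit11) -join ','
        # Page's conditions: Windows 10 KBs with VSM enabled,
        # or the Windows 11 23H2 KB with Secure Launch enabled.
        LikelyAffected = ($vbsOn -and $hit10.Count -gt 0) -or
                         ($secureLaunch -and $hit11.Count -gt 0)
    }
}

Test-ShutdownBugExposure | Format-List
```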

Related Stories

Microsoft January 2026 Windows Updates Trigger Remote Desktop Credential Failures and Secure Launch Shutdown Bug

Microsoft’s January 2026 Windows security updates introduced regressions that disrupted enterprise endpoints, including **Remote Desktop authentication failures** affecting access to *Azure Virtual Desktop* and *Windows 365*. After installing `KB5074109` on specific Windows client builds (noted as Builds **26200.7623** and **26100.7623**), users reported repeated credential prompt/sign-in failures in the **Windows App**, preventing successful remote session establishment; Microsoft acknowledged the issue and issued an **out-of-band** update intended to restore normal Remote Desktop connectivity. Separately, Microsoft confirmed another January patch-related issue on Windows 11 23H2 where some systems with **Secure Launch** enabled may **fail to shut down, restart, or hibernate**, leaving devices running and potentially draining batteries. As a workaround, Microsoft advised forcing shutdown via the command:

```cmd
shutdown /s /t 0
```

Microsoft indicated a permanent fix would be delivered in a future update, but did not provide scope/impact metrics for affected devices.

1 month ago
Microsoft Windows 11 Updates Trigger Boot Failures and Security-Driven Driver/Privilege Changes

Microsoft attributed **Windows 11 no-boot failures** seen after installing the January 2026 cumulative update `KB5074109` (Windows 11 **24H2/25H2**) to devices that had previously **failed to install the December 2025 security update** and were left in an “**improper state**” after rollback. Affected systems can crash on startup with a BSOD `UNMOUNTABLE_BOOT_VOLUME`; Microsoft said the issue appears limited to **physical devices** (no confirmed VM impact) and is working on a **partial mitigation** to prevent additional systems from entering a no-boot scenario, while continuing to investigate why some devices fail updates or end up unstable after rollback. Separately, Microsoft’s recent Windows 11 servicing and security work included **deliberately disabling legacy dial-up modem drivers** (e.g., `AGRSM64.SYS`/`AGRSM.SYS`, `SMSERL64.SYS`/`SMSERIAL.SYS`) due to reported vulnerabilities including **CVE-2023-31096** (EoP) and **CVE-2025-24052** (stack-based buffer overflow), which can present risk even if the modem hardware is unused—at the cost of breaking connectivity for niche systems relying on those drivers. Microsoft also patched **nine bypasses** reported by Google Project Zero that could undermine the new **Windows Administrator Protection** feature by enabling silent admin privilege gains via legacy Windows/UAC behaviors (including a token/Logon Sessions-related technique involving `NtQueryInformationToken` and DOS device object directory creation), ahead of broader availability beyond Insider builds.

1 month ago
Microsoft Windows Updates: MOTW Bypass Patch and Windows 11 Shutdown Regression

Microsoft issued security updates to remediate a Windows Remote Assistance protection-mechanism failure, **CVE-2026-20824**, that can allow attackers to **bypass Mark of the Web (MOTW)**—a key Windows control used to flag and apply additional restrictions to files originating from the internet. Reporting notes the issue is not “wormable” and requires local execution plus user interaction, but it can materially weaken common download-based defenses and be chained with other techniques to increase the likelihood of successful payload execution. Separately, Microsoft released an **out-of-band/emergency fix** after a Patch Tuesday update introduced a Windows 11 23H2 regression where some systems configured with **Secure Launch** restart instead of shutting down (and may also fail to hibernate). A documented workaround for affected endpoints is to invoke shutdown via Command Prompt using:

```
shutdown /s /t 0
```

Other items in the set are not part of these Windows security/patch events: a PowerToys feature update, an iOS upgrade opinion piece, and a Windows 11 edition comparison.

1 month ago
