Microsoft January 2026 Windows Updates Trigger Remote Desktop Credential Failures and Secure Launch Shutdown Bug
Microsoft’s January 2026 Windows security updates introduced regressions that disrupted enterprise endpoints, including Remote Desktop authentication failures affecting access to Azure Virtual Desktop and Windows 365. After installing KB5074109 on specific Windows client builds (noted as Builds 26200.7623 and 26100.7623), users reported repeated credential prompt/sign-in failures in the Windows App, preventing successful remote session establishment; Microsoft acknowledged the issue and issued an out-of-band update intended to restore normal Remote Desktop connectivity.
Separately, Microsoft confirmed another January patch-related issue on Windows 11 23H2 where some systems with Secure Launch enabled may fail to shut down, restart, or hibernate, leaving devices running and potentially draining batteries. As a workaround, Microsoft advised forcing shutdown via the command:
shutdown /s /t 0
Microsoft indicated a permanent fix would be delivered in a future update, but did not provide scope/impact metrics for affected devices.
Timeline
Jan 18, 2026
Microsoft provides manual deployment and KIR mitigations for affected enterprises
Microsoft said the out-of-band fixes would not be delivered automatically through Windows Update and must be manually installed from the Microsoft Update Catalog. For organizations unable to deploy the emergency updates immediately, Microsoft also provided Known Issue Rollback packages via Group Policy to mitigate the remote desktop and Cloud PC connectivity issue.
Jan 18, 2026
Microsoft releases emergency fix KB5077744 for Remote Desktop sign-in failures
Microsoft issued a standalone out-of-band update, KB5077744, to remediate credential prompt loops and authentication failures in the Windows App that disrupted access to Azure Virtual Desktop and Windows 365 Cloud PCs after KB5074109. Microsoft told administrators to deploy the fix through the Update Catalog or enterprise management tools without uninstalling the January security update.
Jan 17, 2026
Microsoft releases OOB update KB5077797 for Windows 11 23H2
On January 17, Microsoft published an out-of-band update, KB5077797, to fix the Windows 11 23H2 shutdown/hibernate bug introduced by January Patch Tuesday. The same emergency update also addressed Remote Desktop credential prompt and sign-in failures affecting some remote connection scenarios.
Jan 16, 2026
Microsoft confirms Windows 11 23H2 shutdown and hibernation regression
Microsoft acknowledged that some Windows 11 23H2 devices, especially those with Secure Launch enabled, could fail to shut down, restart, or hibernate properly after the January updates. The company advised a command-line shutdown workaround while saying a future update would provide a fix.
Jan 13, 2026
Microsoft releases January 2026 Patch Tuesday security updates
Microsoft issued its January 2026 Patch Tuesday updates for supported Windows versions. After deployment, the updates were found to introduce regressions affecting shutdown/hibernate behavior on some Windows 11 23H2 systems and Remote Desktop-related sign-in flows.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Windows 11 January Security Update KB5074109 Triggers Widespread Stability and Remote Desktop Issues
Microsoft’s January 2026 Patch Tuesday release for Windows 11 (notably **KB5074109** for 24H2/25H2) delivered roughly 100+ security fixes (including reported **zero-days**) but also introduced significant reliability regressions. Reported impacts include **system lockups**, **black screens** on systems with Nvidia/AMD GPUs, graphics-related hangs in GPU/DirectX-intensive applications, and application failures such as **Outlook Classic** freezing or failing to launch; additional issues were reported with File Explorer behavior and cloud-backed storage workflows (e.g., OneDrive/Dropbox) causing apps to become unresponsive when saving or syncing data.
1 months ago
Microsoft Windows January Updates Trigger Shutdown/Reboot Bug on VSM-Enabled Systems
Microsoft confirmed a **known issue** introduced by January Windows updates that can prevent affected PCs from shutting down properly, sometimes causing an unexpected reboot when users attempt to shut down. The problem is tied to systems with **Virtual Secure Mode (VSM)** / **Virtualization-Based Security (VBS)** enabled, which uses hardware virtualization to create a protected “secure kernel” intended to isolate sensitive assets (e.g., credentials, cryptographic keys, and security tokens) and underpin features like **Credential Guard**, **Device Guard**, and **Hypervisor-Protected Code Integrity**. Microsoft reports the issue affects **Windows 10 22H2**, **Windows 10 Enterprise LTSC 2021**, and **Windows 10 Enterprise LTSC 2019** when VSM is enabled and the **KB5078131** or **KB5073724** updates are installed; it was previously observed on **Windows 11 23H2** systems with **KB5073455** and **System Guard Secure Launch** enabled. As a temporary workaround, Microsoft advises impacted users to shut down via command line using `shutdown /s /t 0` while a broader fix for VSM-enabled systems is developed (with out-of-band updates already issued for the Windows 11 variant).
1 months ago
Microsoft Windows Updates: MOTW Bypass Patch and Windows 11 Shutdown Regression
Microsoft issued security updates to remediate a Windows Remote Assistance protection-mechanism failure, **CVE-2026-20824**, that can allow attackers to **bypass Mark of the Web (MOTW)**—a key Windows control used to flag and apply additional restrictions to files originating from the internet. Reporting notes the issue is not “wormable” and requires local execution plus user interaction, but it can materially weaken common download-based defenses and be chained with other techniques to increase the likelihood of successful payload execution. Separately, Microsoft released an **out-of-band/emergency fix** after a Patch Tuesday update introduced a Windows 11 23H2 regression where some systems configured with **Secure Launch** restart instead of shutting down (and may also fail to hibernate). A documented workaround for affected endpoints is to invoke shutdown via Command Prompt using: ``` shutdown /s /t 0 ``` Other items in the set are not part of these Windows security/patch events: a PowerToys feature update, an iOS upgrade opinion piece, and a Windows 11 edition comparison.
1 months ago