Microsoft Windows 11 Updates Trigger Boot Failures and Security-Driven Driver/Privilege Changes
Microsoft attributed Windows 11 no-boot failures seen after installing the January 2026 cumulative update KB5074109 (Windows 11 24H2/25H2) to devices that had previously failed to install the December 2025 security update and were left in an “improper state” after rollback. Affected systems can crash on startup with a BSOD UNMOUNTABLE_BOOT_VOLUME; Microsoft said the issue appears limited to physical devices (no confirmed VM impact) and is working on a partial mitigation to prevent additional systems from entering a no-boot scenario, while continuing to investigate why some devices fail updates or end up unstable after rollback.
Separately, Microsoft’s recent Windows 11 servicing and security work included deliberately disabling legacy dial-up modem drivers (e.g., AGRSM64.SYS/AGRSM.SYS, SMSERL64.SYS/SMSERIAL.SYS) due to reported vulnerabilities including CVE-2023-31096 (EoP) and CVE-2025-24052 (stack-based buffer overflow), which can present risk even if the modem hardware is unused—at the cost of breaking connectivity for niche systems relying on those drivers. Microsoft also patched nine bypasses reported by Google Project Zero that could undermine the new Windows Administrator Protection feature by enabling silent admin privilege gains via legacy Windows/UAC behaviors (including a token/Logon Sessions-related technique involving NtQueryInformationToken and DOS device object directory creation), ahead of broader availability beyond Insider builds.
Timeline
Jan 30, 2026
Microsoft links January boot failures to failed December 2025 update
Microsoft said the Windows 11 boot failures were caused by systems left in an improper state after failed December 2025 security update installations and rollbacks. The company also said it was developing a partial mitigation to stop more devices from becoming unbootable during future update attempts.
Jan 29, 2026
Windows 11 cumulative updates disable legacy modem drivers
Recent Windows 11 cumulative updates intentionally decommissioned several legacy modem drivers, including Agere and Motorola soft-modem components, because of serious security vulnerabilities such as CVE-2023-31096 and CVE-2025-24052.
Jan 1, 2026
January 2026 cumulative update triggers Windows 11 boot failures
After installing the January 2026 cumulative update KB5074109 on Windows 11 24H2 and 25H2, some affected devices failed to boot and displayed a BSOD with the stop code UNMOUNTABLE_BOOT_VOLUME.
Jan 1, 2026
Administrator Protection becomes available in Windows Insider Canary builds
Earlier in January 2026, Microsoft made the new Windows Administrator Protection feature available to users in Windows Insider Canary builds, though it was not yet generally available.
Jan 1, 2026
Microsoft patches Administrator Protection bypass vulnerabilities
Shortly before Windows Administrator Protection became available to users earlier in January 2026, Microsoft patched multiple flaws, including a DOS device object directory issue involving shadow admin token impersonation.
Dec 1, 2025
Failed December 2025 Windows security update leaves some systems in improper state
During the December 2025 update cycle, some Windows 11 devices failed to install the security update and rolled back into an 'improper state.' Microsoft later said this condition set up affected systems for later boot failures.
Dec 1, 2025
Google Project Zero reports nine Administrator Protection bypass issues
In December 2025, Google Project Zero researcher James Forshaw reported nine vulnerabilities that could bypass Windows Administrator Protection, largely by exploiting known UAC-related behaviors to silently gain administrator privileges.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Organizations
Affected Products
Sources
Related Stories
Windows 11 KB5077181 Patch Tuesday Update Triggers and Fixes Boot Failures
Microsoft’s February 2026 Windows 11 cumulative security update **KB5077181** (for versions **24H2** and **25H2**) was associated with significant boot reliability issues reported shortly after deployment, including systems entering **infinite restart loops** and failing to reach the desktop. Reports described login-time errors (including **System Event Notification Service (SENS)** procedure errors) and network symptoms such as **DHCP failures**, while Microsoft’s public release notes and health dashboard were reported as not listing known issues at the time. The update also shipped broad security remediation, with reporting citing **58 vulnerabilities** addressed and **six actively exploited zero-days** referenced via CISA’s **Known Exploited Vulnerabilities** catalog, including fixes for issues such as SmartScreen bypass (`CVE-2026-21510`), Desktop Window Manager EoP (`CVE-2026-21519`), Remote Desktop Services EoP (`CVE-2026-21533`), and a Notepad RCE via crafted Markdown (`CVE-2026-20841`). Separately, Microsoft stated that **KB5077181** fully resolved a specific Windows 11 boot failure condition affecting a limited set of **commercial physical devices** on **24H2/25H2** that could become unbootable (e.g., **"UNMOUNTABLE_BOOT_VOLUME"**) after installing **KB5074109** or later updates when a **December 2025** security update had previously failed and rolled back, leaving the OS in an “improper state.” Microsoft indicated an earlier mitigation shipped in the optional preview update **KB5074105** (Jan 29, 2026) to prevent additional devices from being impacted, and that the February Patch Tuesday release delivered the complete fix; the issue was not reported as affecting home users or virtual machines.
1 months ago
Windows 11 January Security Updates Trigger UNMOUNTABLE_BOOT_VOLUME Boot Failures
Microsoft is investigating and has acknowledged a limited issue where some **Windows 11** devices fail to boot after installing the **January 2026 Patch Tuesday security updates**, presenting a BSOD/black crash screen with stop code **`UNMOUNTABLE_BOOT_VOLUME`**. Impacted systems can become stuck in a restart loop and are unable to start Windows without **manual recovery efforts**, with Microsoft collecting reports from users and enterprise administrators to determine scope and root cause. Reporting indicates the problem affects **physical devices** (with no virtual machines reported as impacted so far) and is tied to specific Windows 11 builds and cumulative updates, including **Windows 11 25H2** and **Windows 11 24H2** after installing **`KB5074109`**. Microsoft has not yet confirmed the underlying cause or provided a universal remediation beyond recovery steps, and is requesting affected customers submit diagnostics via the **Feedback Hub** while it determines whether the behavior is a regression introduced by the update.
1 months ago
Windows 11 Reliability Backlash and KB5074105 Preview Update Fixes
Microsoft reported **over 1 billion monthly active Windows 11 users**, but user sentiment remains negative, with prominent complaints focused on **buggy updates**, perceived reliability regressions, and unwanted feature changes (including AI-related additions). Microsoft leadership publicly acknowledged the feedback and said the company will prioritize **performance, reliability, and overall user experience** improvements to rebuild trust. Microsoft also released the **KB5074105** optional *non-security* preview cumulative update for Windows 11 (24H2/25H2), positioned as an end-of-month quality update ahead of the next Patch Tuesday. KB5074105 includes dozens of changes and targets operational issues including **boot problems** (e.g., startup hangs when Windows Boot Manager debugging is enabled and iSCSI boot failures with `Inaccessible Boot Device`), **sign-in issues** (including `Explorer.exe` hanging on first login under certain startup-app configurations), and **activation/license migration failures** during upgrades when devices cannot register with the Windows Activation server; the update is available via Windows Update or manual download from the Microsoft Update Catalog.
1 months ago