Windows 10 KB5068164 WinRE Failure and Microsoft’s Delayed Fix
Microsoft issued a fix for a Windows 10 Windows Recovery Environment (WinRE) failure introduced by the October 14, 2025 update that left some systems unable to launch WinRE, a critical last-resort recovery tool when Windows fails to boot. The remediation is associated with KB5068164 for Windows 10 21H2/22H2, which was intended to update WinRE via a Safe OS Dynamic Update but instead shipped with a defect that prevented WinRE from starting; Microsoft provided limited technical detail beyond stating the issue was “addressed.”
Reporting indicates Microsoft formally logged the known issue on Feb 20, 2026 and updated support documentation with a resolution on Mar 3, 2026, leaving affected endpoints without functional WinRE for months. The update’s applicability is conditional (e.g., sufficient free space in the recovery partition—commonly cited as 250 MB—and presence/state of a WinRE partition), and administrators can validate WinRE status using reagentc /info; a subsequent fix is referenced as KB5075039. Separately, a Windows 11 in-place upgrade bug has been reported to delete C:\Windows\dot3svc\Policies (impacting 802.1X wired authentication and causing loss of network connectivity), but that issue is distinct from the WinRE incident.
Timeline
Mar 3, 2026
Microsoft adds resolution details to support documentation
On 2026-03-03, Microsoft updated its support documentation with resolution information for the WinRE issue, directing affected users toward the remediation.
Feb 20, 2026
Microsoft logs the KB5068164 WinRE issue as a known problem
Microsoft formally documented the Windows 10 WinRE startup failure as a known issue on 2026-02-20, acknowledging the defect months after the original update shipped.
Jan 1, 2026
Microsoft releases KB5075039 to remediate WinRE boot failure
In January 2026, Microsoft released update KB5075039 to fix the WinRE boot problem caused by the earlier Windows 10 update and restore recovery functionality on affected systems.
Oct 14, 2025
KB5068164 causes WinRE to fail on some Windows 10 systems
The October 14, 2025 update introduced a defect that prevented Windows Recovery Environment from starting on affected devices, leaving recovery inaccessible for some users.
Oct 14, 2025
Microsoft releases KB5068164 for Windows 10 WinRE
On 2025-10-14, Microsoft released update KB5068164 for Windows 10 21H2 and 22H2 to apply Safe OS Dynamic Update KB5067017 to the Windows Recovery Environment without requiring a restart, replacing KB5063523.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Affected Products
Sources
Related Stories
Windows Update KB5066835 Disrupts USB Input Devices in Windows Recovery Environment
Microsoft released the KB5066835 security update for Windows in October 2025, which introduced a critical issue affecting the Windows Recovery Environment (WinRE). After installing this update, users reported that USB-connected keyboards and mice stopped functioning within WinRE, rendering the recovery environment largely unusable for troubleshooting or repairing systems. The main Windows operating system remained unaffected, with USB input devices continuing to work as expected outside of recovery mode. This issue impacted both client versions, including Windows 11 24H2 and 25H2, as well as Windows Server 2025 platforms. Microsoft acknowledged the problem on its Windows release health dashboard, confirming that the bug was directly linked to the KB5066835 update. The inability to use USB input devices in WinRE prevented users from navigating recovery options, which could be particularly problematic for those needing to restore or repair their systems after critical failures. As a temporary workaround, Microsoft suggested using Bluetooth wireless input devices or legacy PS/2 connectors, which were not affected by the update. The company assured users that a fix was being developed and would be released in the coming days to address the issue. This incident followed previous problems with WinRE updates, such as the 0x80070643 installation errors that were resolved earlier in the year. The rapid response from Microsoft included an emergency patch to mitigate the disruption caused by the faulty update. Security news outlets highlighted the urgency of the situation, emphasizing the importance of WinRE for system recovery and the widespread impact of the bug. The incident underscored the risks associated with critical system updates and the need for thorough testing, especially for components essential to system recovery. Administrators and end-users were advised to monitor Microsoft's official channels for updates and to consider alternative input methods if immediate access to WinRE was required. The event demonstrated the cascading effects a single update can have on system usability, particularly in scenarios where recovery tools are vital. Microsoft's communication and swift action were crucial in managing the fallout and restoring confidence among its user base. The situation also served as a reminder for organizations to have contingency plans for recovery operations in the event of unexpected software issues.
1 months ago
Windows 11 KB5077181 Patch Tuesday Update Triggers and Fixes Boot Failures
Microsoft’s February 2026 Windows 11 cumulative security update **KB5077181** (for versions **24H2** and **25H2**) was associated with significant boot reliability issues reported shortly after deployment, including systems entering **infinite restart loops** and failing to reach the desktop. Reports described login-time errors (including **System Event Notification Service (SENS)** procedure errors) and network symptoms such as **DHCP failures**, while Microsoft’s public release notes and health dashboard were reported as not listing known issues at the time. The update also shipped broad security remediation, with reporting citing **58 vulnerabilities** addressed and **six actively exploited zero-days** referenced via CISA’s **Known Exploited Vulnerabilities** catalog, including fixes for issues such as SmartScreen bypass (`CVE-2026-21510`), Desktop Window Manager EoP (`CVE-2026-21519`), Remote Desktop Services EoP (`CVE-2026-21533`), and a Notepad RCE via crafted Markdown (`CVE-2026-20841`). Separately, Microsoft stated that **KB5077181** fully resolved a specific Windows 11 boot failure condition affecting a limited set of **commercial physical devices** on **24H2/25H2** that could become unbootable (e.g., **"UNMOUNTABLE_BOOT_VOLUME"**) after installing **KB5074109** or later updates when a **December 2025** security update had previously failed and rolled back, leaving the OS in an “improper state.” Microsoft indicated an earlier mitigation shipped in the optional preview update **KB5074105** (Jan 29, 2026) to prevent additional devices from being impacted, and that the February Patch Tuesday release delivered the complete fix; the issue was not reported as affecting home users or virtual machines.
1 months ago
Microsoft Windows 11 Updates Trigger Boot Failures and Security-Driven Driver/Privilege Changes
Microsoft attributed **Windows 11 no-boot failures** seen after installing the January 2026 cumulative update `KB5074109` (Windows 11 **24H2/25H2**) to devices that had previously **failed to install the December 2025 security update** and were left in an “**improper state**” after rollback. Affected systems can crash on startup with a BSOD `UNMOUNTABLE_BOOT_VOLUME`; Microsoft said the issue appears limited to **physical devices** (no confirmed VM impact) and is working on a **partial mitigation** to prevent additional systems from entering a no-boot scenario, while continuing to investigate why some devices fail updates or end up unstable after rollback. Separately, Microsoft’s recent Windows 11 servicing and security work included **deliberately disabling legacy dial-up modem drivers** (e.g., `AGRSM64.SYS`/`AGRSM.SYS`, `SMSERL64.SYS`/`SMSERIAL.SYS`) due to reported vulnerabilities including **CVE-2023-31096** (EoP) and **CVE-2025-24052** (stack-based buffer overflow), which can present risk even if the modem hardware is unused—at the cost of breaking connectivity for niche systems relying on those drivers. Microsoft also patched **nine bypasses** reported by Google Project Zero that could undermine the new **Windows Administrator Protection** feature by enabling silent admin privilege gains via legacy Windows/UAC behaviors (including a token/Logon Sessions-related technique involving `NtQueryInformationToken` and DOS device object directory creation), ahead of broader availability beyond Insider builds.
1 months ago