Microsoft’s January 13, 2026, security update for Windows 11 has triggered a frustrating bug: affected PCs refuse to shut down or hibernate, instead restarting.
The issue is caused by KB5073455, which targets OS Build 22621.6491 on Windows 11 version 23H2. It was first reported on January 15 and arises from interference with Secure Launch, a virtualization-based security (VBS) feature designed to protect boot processes from firmware threats such as rootkits.
Secure Launch, part of Windows’ System Guard suite, verifies the firmware environment during startup using hypervisor-protected code integrity.
Isolating the core root of trust measurements prevents persistent malware from tampering with the pre-OS environment. Ironically, this month’s patch, intended to bolster defenses, disrupts the feature, blocking proper power-off states on compatible hardware.
Affected Systems and Scope
The glitch affects only the Enterprise and IoT editions of Windows 11 23H2, sparing the consumer Home and Pro variants. No server platforms, such as Windows Server, face disruptions.
Microsoft confirmed the problem via its support portal, last updated January 15 at 19:01 PT. Systems must have Secure Launch enabled, a common setup in high-security enterprise deployments that rely on VBS to meet compliance standards such as NIST or zero-trust architectures.
Admins in regulated sectors, including finance and government, report the issue across fleets, raising concerns over power management reliability.
While not a vulnerability itself, the bug exposes risks: devices stuck in restart loops drain batteries faster, potentially leading to data loss or unattended uptime that amplifies exposure to unpatched threats.
Microsoft offers a temporary fix for shutdowns via Command Prompt: launch cmd from the Search bar and run shutdown /s /t 0. This forces an immediate power-off, bypassing the GUI failure. Hibernation lacks a workaround; users must save work and opt for full shutdowns to prevent unexpected power loss.
The company promises a fix in an upcoming update and urges IT teams to monitor Windows Update channels. In the interim, disabling Secure Launch via Group Policy (Computer Configuration > Administrative Templates > System > Device Guard) restores functionality but weakens boot integrity—a trade-off for threat hunters weighing the risks of firmware attack vectors.
This incident underscores the double-edged sword of monthly Patch Tuesday rollouts. As enterprises patch for zero-days, such regressions highlight the need for staged testing, especially on security-hardened configs.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
