CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Windows 11 23H2 Shutdown Issue with System Guard Secure Launch

First reported
Last updated
1 unique sources, 3 articles

Summary

Hide ▲

Windows 11 23H2 devices with System Guard Secure Launch enabled fail to shut down properly after installing the January 13, 2026, cumulative update (KB5073455). Affected systems restart instead of shutting down or entering hibernation. This issue impacts Enterprise and IoT editions of Windows 11, version 23H2, as well as Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 Enterprise LTSC 2019 with Virtual Secure Mode (VSM) enabled. Microsoft has provided a temporary workaround for shutdown but no solution for hibernation. The company is also addressing a separate bug in the January 2026 KB5074109 update causing Remote Desktop connection failures. Microsoft has released an out-of-band update (KB5077797) to fix the shutdown issue in Windows 11 23H2.

Timeline

  1. 02.02.2026 19:17 1 articles · 23h ago

    Shutdown Bug Expands to Windows 10 Systems

    The shutdown bug affecting Windows 11 23H2 devices with System Guard Secure Launch enabled has been confirmed to also impact Windows 10 systems with Virtual Secure Mode (VSM) enabled. Affected Windows 10 versions include 22H2, Enterprise LTSC 2021, and Enterprise LTSC 2019 after installing the KB5078131 and KB5073724 updates. Microsoft has provided a temporary workaround for shutdown and plans to release a solution in a future Windows update.

    Show sources
    Open in new tab
  2. 18.01.2026 20:16 1 articles · 15d ago

    Microsoft Releases Out-of-Band Update for Shutdown Issue

    Microsoft has released an out-of-band update (KB5077797) to address the shutdown issue in Windows 11 23H2 with System Guard Secure Launch enabled. This update resolves the problem where affected systems restart instead of shutting down or entering hibernation.

    Show sources
    Open in new tab
  3. 16.01.2026 10:35 3 articles · 18d ago

    Windows 11 23H2 Shutdown Issue Confirmed

    Microsoft has confirmed that Windows 11 23H2 devices with System Guard Secure Launch enabled fail to shut down properly after installing the January 13, 2026, cumulative update (KB5073455). Affected systems restart instead of shutting down or entering hibernation. Microsoft has provided a temporary workaround for shutdown but no solution for hibernation. Microsoft has released an out-of-band update (KB5077797) to fix the shutdown issue. The issue also affects Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 Enterprise LTSC 2019 with Virtual Secure Mode (VSM) enabled after installing the KB5078131 and KB5073724 updates.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Microsoft January 2026 Patch Tuesday Addresses 3 Zero-Days, 114 Flaws

Microsoft's January 2026 Patch Tuesday addressed 114 vulnerabilities, including three zero-days: one actively exploited (CVE-2026-20805) and two publicly disclosed (CVE-2026-21265 and CVE-2023-31096). The updates covered a range of flaw types, with eight classified as 'Critical,' including remote code execution and elevation-of-privilege vulnerabilities. Additionally, Microsoft released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability (CVE-2026-21509) exploited in attacks, affecting multiple Office versions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20805 and CVE-2026-21509 to its Known Exploited Vulnerabilities (KEV) catalog, mandating Federal Civilian Executive Branch (FCEB) agencies to apply the latest fixes by February 3, 2026, and February 16, 2026, respectively. The flaw was discovered by the Microsoft Threat Intelligence Center (MSTIC), the Microsoft Security Response Center (MSRC), and the Office Product Group Security Team, and affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise.

Open in new tab

Windows Updates Cause RemoteApp Connection Failures in Azure Virtual Desktop

Recent Windows updates, including the November 2025 KB5070311 non-security update and a recent Windows 365 update, are causing RemoteApp connection failures in Azure Virtual Desktop environments on Windows 11 24H2/25H2 and Windows Server 2025 devices. This issue primarily affects enterprise users, leaving full desktop sessions unaffected. The incident began on Tuesday at 19:00 UTC, with users experiencing sign-in failures and intermittent access issues to their Cloud PCs. Microsoft has provided temporary mitigations, including a registry key modification, a Known Issue Rollback (KIR) for Windows Pro and Enterprise devices, and workarounds such as accessing Cloud PCs through the Windows App Web Client or using the Remote Desktop client for Windows. Microsoft is working on a permanent fix but has not provided a timeline.

Open in new tab

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 183 flaws

Microsoft's October 2025 Patch Tuesday marks the end of free security updates for Windows 10, with the release of the final cumulative update KB5066791. This update addresses 183 vulnerabilities, including six zero-day flaws, and is mandatory for all Windows 10 users. Extended Security Updates (ESU) are available for purchase for up to three years for enterprise users and one year for consumers. The patches cover a range of vulnerabilities, including critical remote code execution and elevation of privilege issues. The zero-day vulnerabilities affect various components, such as Windows SMB Server, Microsoft SQL Server, Windows Agere Modem Driver, Windows Remote Access Connection Manager, AMD EPYC processors, and TCG TPM 2.0. Some of these flaws have been publicly disclosed or actively exploited. The update also includes fixes for vulnerabilities in third-party components, such as IGEL OS and AMD EPYC processors. Additionally, Microsoft Office users should be aware of CVE-2025-59227 and CVE-2025-59234, which exploit the Preview Pane. The update is the largest on record for Microsoft, with 183 CVEs, pushing the number of unique vulnerabilities released so far this year to more than 1,021. The update includes fixes for a wide range of vulnerabilities, including remote code execution (RCE), elevation of privilege, data theft, denial of service (DoS), and security feature bypass issues. The update also marks the end of life for Windows 10, meaning Microsoft will no longer issue regular patches for vulnerabilities in the operating system as part of its regular Patch Tuesday updates. Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are also reaching end-of-life. Windows 10 users can opt for Extended Security Updates (ESU) for one year at a cost of $30, or install Linux as an alternative. Linux Mint is recommended for Windows 10 users transitioning to Linux, with compatibility for most computers from the last decade. The October 2025 Windows security updates cause smart card authentication and certificate issues across all Windows 10, Windows 11, and Windows Server releases. The issue is due to a security fix designed to address a security feature bypass vulnerability (CVE-2024-30098) in the Windows Cryptographic Services. Affected users may experience various symptoms, including the inability to sign documents, failures in applications using certificate-based authentication, and smart cards not being recognized as CSP providers in 32-bit apps. The issue can be detected by the presence of Event ID 624 in the System event logs for the Smart Card Service prior to installing the October 2025 Windows security update. The fix is enabled by setting the DisableCapiOverrideForRSA registry key value to 1 to isolate cryptographic operations from the Smart Card implementation. Users experiencing authentication problems can manually resolve the issue by disabling the DisableCapiOverrideForRSA registry key. The DisableCapiOverrideForRSA registry key will be removed in April 2026, and users are advised to work with their application vendors to resolve the underlying problem. Microsoft also fixed another known issue breaking IIS websites and HTTP/2 localhost (127.0.0.1) connections after installing recent Windows security updates. Microsoft has released out-of-band (OOB) security updates for a critical-severity Windows Server Update Service (WSUS) vulnerability (CVE-2025-59287) with publicly available proof-of-concept exploit code. The vulnerability can be exploited remotely in low-complexity attacks that do not require user interaction, allowing threat actors without privileges to target vulnerable systems and run malicious code with SYSTEM privileges. Microsoft has released security updates for all impacted Windows Server versions, including Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. Workarounds for admins who can't immediately install these emergency patches include disabling the WSUS Server Role or blocking all inbound traffic to Ports 8530 and 8531 on the host firewall. The OOB update supersedes all previous updates for affected versions, and users are advised to install it as soon as possible. A new Windows zero-day vulnerability allows attackers to crash the Remote Access Connection Manager (RasMan) service. The RasMan service is a critical Windows system service that runs with SYSTEM-level privileges. The zero-day flaw is a denial-of-service (DoS) vulnerability that affects all Windows versions, including Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025. The flaw allows unprivileged users to crash the RasMan service due to a coding error in how it processes circular linked lists. ACROS Security provides free, unofficial security patches for this Windows RasMan zero-day via its 0patch micropatching service. The micropatch can be installed by creating an account and installing the 0Patch agent, which applies the patch automatically without requiring a restart.

Open in new tab

Microsoft Releases November and December 2025 Patch Tuesday Updates for Windows 11

Microsoft has released the optional KB5074105 preview cumulative update for Windows 11, addressing critical issues such as boot failures, sign-in problems, and activation errors. This update also resolves the 'UNMOUNTABLE_BOOT_VOLUME' errors linked to failed December 2025 security update installations, though it does not repair already affected systems. Microsoft continues to investigate the root cause of the update failures and improper system states after rollback. Earlier, Microsoft linked the January 2026 boot failures to failed attempts to install the December 2025 security update, which left systems in an unstable state. The company is working on a partial resolution to prevent further devices from encountering this issue. Additionally, Microsoft released emergency out-of-band updates to fix an issue causing Microsoft Outlook to freeze when PST files are stored in cloud services. Prior updates included fixes for gaming performance issues caused by October 2025 updates, broken localhost HTTP connections, and Windows Recovery Environment (WinRE) problems. Microsoft also resolved false positive detections for WinSqlite3.dll related to CVE-2025-6965 and released cumulative updates for November and December 2025, introducing new features and addressing security vulnerabilities across Windows 11 versions 25H2/24H2 and 23H2.

Open in new tab

Microsoft August 2025 Patch Tuesday: Multiple Critical Elevation-of-Privilege Vulnerabilities

Microsoft's August 2025 Patch Tuesday addressed 111 vulnerabilities, including 44 elevation-of-privilege (EoP) flaws and 35 remote code execution (RCE) vulnerabilities. The update also fixed 18 information disclosure flaws, 8 spoofing defects, and 4 denial-of-service issues. Critical issues included EoP bugs in Windows Hyper-V, Microsoft SQL Server, and Azure OpenAI, as well as RCE vulnerabilities in SharePoint and Windows Graphics Component. The update included a fix for CVE-2025-53779, a publicly known Windows Kerberos EoP flaw dubbed BadSuccessor, disclosed in May 2025. The update did not include any actively exploited bugs, marking the second consecutive month without such vulnerabilities. Security experts recommended immediate patching for high-severity issues, especially those in core system components and widely used services like SharePoint and SQL Server. However, the August 2025 security updates caused failures in reset and recovery operations on Windows 10 and older versions of Windows 11. Microsoft released emergency out-of-band updates on August 19, 2025, to resolve this issue. The emergency updates are available as optional updates via Windows Update and Windows Update for Business, or can be downloaded and installed manually from the Microsoft Update Catalog. Additionally, the August 2025 security updates caused severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems. The issues affected applications such as OBS (Open Broadcast Software) and NDI Tools, especially when 'Display Capture' was enabled on the source PC. A temporary workaround involved changing the NDI Receive Mode to use TCP or UDP instead of RUDP. Microsoft resolved a known issue causing Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems. The affected upgrade paths included Windows 10 1809, 21H2, and 22H2 to Windows 11 versions 23H2 and 22H2, and Windows Server 2016 to Windows Server 2019 or 2022, and Windows Server 2019 to Windows Server 2022. The issue was resolved as of August 15, 2025, and users were advised to retry the upgrade process if they encountered the error. The KB5064081 update introduced a new method for displaying CPU usage in Task Manager, standardizing CPU reporting across the application. The update included new Recall features and a redesigned Windows Hello interface. The update addressed an issue that prevented some system recovery features from working properly due to a temporary file sharing conflict. The update fixed an issue in Resilient File System (ReFS) where using backup apps with large files could sometimes exhaust system memory. The update resolved an issue with the Chinese (Simplified) Input Method Editor (IME) where some extended characters appeared as empty boxes. The update addressed an issue that prevented typing on the touch keyboard when using the Microsoft Changjie, Microsoft Bopomofo, or Microsoft Japanese Input Method Editors (IMEs). The update fixed an issue that slowed application installation on ARM64 devices. The update included fixes for audio and video performance issues when using Network Device Interface (NDI) to stream or transfer feeds between PCs. The update was part of the company's optional non-security preview update schedule, which releases updates at the end of each month to test new fixes and features coming to the next month's Patch Tuesday. The KB5065426 and KB5065431 cumulative updates for Windows 11 introduce new features and improvements, including a redesigned Windows Hello interface and enhanced passkey features. The updates include a new Recall feature that opens to a personalized homepage, highlighting recent activity and top-used apps and websites. The updates fix issues with the taskbar preview thumbnail, Search on the taskbar, and the lock screen widgets. The updates introduce a new navigation bar for quick access to Home, Timeline, Feedback, and Settings in the Recall feature. The updates include a new grid view in Search on the taskbar to help users quickly identify desired images. The updates provide clearer status information in Search on the taskbar, including progress notices and file availability status. The updates introduce a new visual experience for the Discover feed on the Widgets Board, including Copilot-curated stories. The updates include a new Windows Backup for Organizations feature, providing enterprise-grade backup and restore capabilities. The updates address an issue with the Microsoft Pluton Cryptographic Provider, resolving error messages in Windows Event Viewer. The updates fix issues with live captions, input methods, and various underlying system components. The September 2025 Windows security update fixed issues caused by the August 2025 updates, which triggered unexpected UAC prompts and app installation problems for non-admin users across all Windows versions. The issue was due to a security patch for CVE-2025-50173, a Windows Installer privilege escalation vulnerability. The September update reduces the scope of UAC prompts for MSI repairs and allows IT admins to disable UAC prompts for specific apps.

Open in new tab