Windows 11 PCs Fail to Shut Down After January Security Update

Microsoft’s January 13, 2026, security update for Windows 11 has reportedly introduced a critical flaw. Systems impacted by the patch are failing to shut down or hibernate as intended, instead performing an unexpected restart.

The issue is caused by KB5073455, which targets OS Build 22621.6491 on Windows 11 version 23H2. It was first reported on January 15 and arises from interference with Secure Launch, a virtualization-based security (VBS) feature designed to protect boot processes from firmware threats such as rootkits.

Secure Launch, part of Windows’ System Guard suite, verifies the firmware environment during startup using hypervisor-protected code integrity.

Isolating the core root of trust measurements prevents persistent malware from tampering with the pre-OS environment. Ironically, this month’s patch, intended to bolster defenses, disrupts the feature, blocking proper power-off states on compatible hardware.

Affected Systems and Scope

The glitch affects only the Enterprise and IoT editions of Windows 11 23H2, sparing the consumer Home and Pro variants. No server platforms, such as Windows Server, face disruptions.

Microsoft confirmed the problem via its support portal, last updated January 15 at 19:01 PT. Systems must have Secure Launch enabled, a common setup in high-security enterprise deployments that rely on VBS to meet compliance standards such as NIST or zero-trust architectures.

Admins in regulated sectors, including finance and government, report the issue across fleets, raising concerns over power management reliability.

While not a vulnerability itself, the bug exposes risks: devices stuck in restart loops drain batteries faster, potentially leading to data loss or unattended uptime that amplifies exposure to unpatched threats.

Microsoft offers a temporary fix for shutdowns via Command Prompt: launch cmd from the Search bar and run shutdown /s /t 0. This forces an immediate power-off, bypassing the GUI failure. Hibernation lacks a workaround; users must save work and opt for full shutdowns to prevent unexpected power loss.

The company promises a fix in an upcoming update and urges IT teams to monitor Windows Update channels. In the interim, disabling Secure Launch via Group Policy (Computer Configuration > Administrative Templates > System > Device Guard) restores functionality but weakens boot integrity—a trade-off for threat hunters weighing the risks of firmware attack vectors.

This incident underscores the double-edged sword of monthly Patch Tuesday rollouts. As enterprises patch for zero-days, such regressions highlight the need for staged testing, especially on security-hardened configs.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.