Microsoft Probes Windows 11 Boot Failures After January Patch

Microsoft is investigating reports that its January 2026 security updates are leaving some Windows 11 machines stuck in boot loops. The company confirmed the issue affects a "limited number" of physical devices that fail to start after installing KB5074109, displaying an UNMOUNTABLE_BOOT_VOLUME stop code instead of the login screen.

The problematic update released January 13 as part of Patch Tuesday, addressing 114 vulnerabilities including an actively exploited zero-day. Organizations now face an uncomfortable choice between security exposure and boot stability.

What's Happening

Affected devices show a black crash screen with the message "Your device ran into a problem and needs to restart." The UNMOUNTABLE_BOOT_VOLUME stop code indicates Windows cannot access the system partition during startup—a critical failure that prevents normal boot.

Microsoft's incident note confirms the issue affects:

• Windows 11 version 25H2
• All editions of Windows 11 version 24H2

Virtual machines appear unaffected. Server editions have not reported the same behavior. The pattern suggests hardware-specific interactions, though Microsoft hasn't identified the common factor among affected systems.

Once a device enters this state, it cannot complete startup on its own. Recovery requires manual intervention through Windows Recovery Environment tools.

Recovery Options

If your device won't boot after installing KB5074109:

Automatic Repair: Boot from Windows installation media and select "Repair your computer" → "Troubleshoot" → "Advanced Options" → "Startup Repair"

Command-line repair: From recovery mode, try:

chkdsk C: /f /r
sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows

Master Boot Record repair:

bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd

If these steps fail, uninstalling the update through recovery mode may restore boot capability:

1. Boot to recovery
2. Navigate to "Troubleshoot" → "Advanced Options" → "Uninstall Updates"
3. Select "Uninstall latest quality update"

Rolling back the update leaves the system vulnerable to the CVE-2026-20805 zero-day that January's patch addresses—a real trade-off that organizations shouldn't take lightly.

Microsoft's Response

Microsoft states it has "received a limited number of reports" and is actively investigating whether the update caused the boot failures. The company requests affected users submit feedback through the Feedback Hub application to help identify patterns.

No timeline for a fix has been provided. Given the severity—complete boot failure—Microsoft will likely prioritize a resolution, though whether that comes through an out-of-band patch or guidance for affected configurations remains unclear.

This isn't the only January patch headache. Microsoft simultaneously released emergency out-of-band updates addressing an Outlook freezing issue affecting users with PST files stored in cloud services. January's security release has been unusually good at introducing new problems alongside security fixes.

Recommendations

Before patching: Create a system restore point or full backup. Windows 11's built-in backup tools or third-party imaging software can capture a bootable snapshot.

Test first: If you manage multiple systems, patch a subset before wide deployment. The issue appears to affect only certain configurations, so internal testing may reveal whether your environment is susceptible.

Virtual machines: VMs appear unaffected, making them safer to patch immediately. Priority should go to systems exposed to internet-facing attack vectors where the CVE-2026-20805 zero-day poses real risk.

Physical devices: Consider delaying KB5074109 on critical workstations until Microsoft provides more information about affected configurations. Monitor Microsoft's Windows release health dashboard for updates.

Already affected: Don't repeatedly restart hoping the issue resolves—it won't. Boot to recovery mode and attempt repairs before uninstalling the update.

Patching Remains Important

Despite these issues, the January security update addresses genuine risks. CVE-2026-20805, the actively exploited Desktop Window Manager vulnerability, enables attackers to undermine Address Space Layout Randomization (ASLR)—a core operating system protection against memory exploitation.

CISA added the flaw to its Known Exploited Vulnerabilities catalog, setting a February 3 deadline for federal agencies. Private organizations should weigh boot failure risk against exposure to active exploitation.

The boot failure affects a subset of devices. The zero-day affects all unpatched Windows 11 systems. For most organizations, patching remains the right choice—just with appropriate testing and backup procedures in place.