Microsoft pushes urgent fixes after Windows shutdown and RDP failures

Windows administrators scrambled this month after a January security update prevented some machines from powering off and blocked Remote Desktop sign-ins, prompting Microsoft to release out-of-band fixes to repair the regressions. The company said the cumulative packages, published January 17, restore normal shutdown and hibernation behavior on affected Windows 11 devices and repair authentication failures that left some remote sessions unusable.

Microsoft identified two primary problems linked to the January 13 security update. On certain Windows 11 PCs with System Guard Secure Launch enabled, attempts to shut down or enter hibernation resulted in an immediate restart rather than powering off. Separately, Remote Desktop connections and other remote sign-in flows failed at authentication steps, preventing users from signing in to remote systems or apps that rely on Windows authentication. Microsoft’s support documentation confirms the out-of-band updates address both issues and include the security fixes from the January 13 release.

The company referenced the January security update as KB5073457 in its support notes, while some product listings show a January 13 entry as KB5073450 for specific builds. Microsoft’s January 17 out-of-band entry for Windows Server, version 23H2 is listed as KB5077792 with OS Build 25398.2096. A servicing stack update for Windows Server 2022, KB5074428, was also published to improve reliability of update installation and is listed with OS Build 20348.4640.

Microsoft described the out-of-band packages as cumulative: systems that already installed earlier January updates will receive only the new components contained in the OOB package. The company made the fixes available through the Microsoft Update Catalog and advised IT administrators who have not yet deployed the January security update to apply the out-of-band package instead, particularly in environments that use Secure Launch or Remote Desktop. Documentation also advises rebooting after installation to complete fixes.

The update rollout included a separate known issue affecting Windows Server Update Services. After installing KB5070884 or later, WSUS will not display synchronization error details in its error reporting. Microsoft temporarily removed that functionality as part of steps to mitigate a remote code execution vulnerability tracked as CVE-2025-59287. Administrators relying on WSUS diagnostic output should be aware the change is intentional and related to the ongoing mitigation effort.

Independent user reports in administrator forums and product coverage surfaced additional anomalies following the January updates, including intermittent black screens, desktop backgrounds reverting to black, and application crashes such as in Outlook Classic. Those problems have not been confirmed in Microsoft’s support notes and may reflect a range of system configurations and third-party interactions. Microsoft’s published fixes specifically target the Secure Launch shutdown regression and the Remote Desktop sign-in failures.

For organizations managing fleets of Windows devices, the immediate path forward is to obtain the January 17 out-of-band packages from the Microsoft Update Catalog and schedule installations with required reboots. Applying the cumulative OOB update should both restore affected functionality and ensure systems include the January security corrections without needing separate deployment of the earlier January package.