Microsoft has officially released a series of Windows Emergency Update this week. These out-of-band patches arrived on January 17, 2026. They respond to critical failures triggered by the earlier January 13 Patch Tuesday release. Specifically, the company is addressing two major issues. One bug prevents Windows 11 computers from shutting down. The other bug breaks Remote Desktop connections for many users. While Patch Tuesday usually focuses on security, these new errors have disrupted core operations. Consequently, IT administrators are racing to install these manual fixes across their networks.

The Shutdown and Hibernation Glitch
Initially, reports surfaced that Windows 11 version 23H2 devices were refusing to power off. Users would select the “Shut down” or “Hibernate” option from the Start menu. Instead of turning off, the devices would simply perform a full system restart. Microsoft later confirmed that this issue specifically affects machines with “Secure Launch” enabled. This feature is also known as System Guard Secure Launch. It uses virtualization-based security to protect systems from firmware-level threats.
The bug effectively turned a security-hardened computer into a device that never sleeps. Therefore, many users had to resort to physical power buttons or command-line overrides. Microsoft recommended using the command shutdown /s /t 0 as a temporary workaround. However, this manual step was not a permanent solution for enterprise fleets. The emergency update, identified as KB5077797, now resolves this power management glitch.
Breaking Remote Connections
Furthermore, the January 13 security updates introduced a “credential prompt failure” in remote applications. This issue impacted the Windows App on Windows 10 and Windows 11 devices. It also broke connections for Azure Virtual Desktop and Windows 365 Cloud PCs. When users tried to log in, the authentication process would fail entirely. Because many employees rely on remote access, this bug caused immediate productivity losses.
Microsoft identified the cause as a flaw in how the system handles sign-in requests. Consequently, they released KB5077744 for Windows 11 versions 24H2 and 25H2. A similar fix was issued for Windows 10 users through the Extended Security Update (ESU) program. These out-of-band updates are currently not available through the standard Windows Update settings. Instead, administrators must download them manually from the Microsoft Update Catalog.
Windows Emergency Update: Patch Tuesday Security Risks
Before these operational bugs appeared, the January Patch Tuesday was already a high-priority event. Microsoft addressed 114 security vulnerabilities in that single release. Among these, eight were classified as “Critical” due to their potential for severe damage. One vulnerability, tracked as CVE-2026-20805, was already being exploited by hackers.
This specific flaw affects the Desktop Window Manager (DWM). It allows an attacker to disclose sensitive information from a computer’s memory. While the severity score is a moderate 5.5, its active use makes it dangerous. Hackers can use the disclosed information to bypass other security layers. For instance, they might defeat Address Space Layout Randomization (ASLR). This makes it easier to launch more complex and destructive attacks later.
| Vulnerability Type | Number of Fixes |
| Elevation of Privilege | 58 |
| Information Disclosure | 22 |
| Remote Code Execution | 21 |
| Spoofing | 5 |
| Security Feature Bypass | 3 |
Windows Emergency Update: Removing Legacy Security Risks
In addition to fixing bugs, Microsoft used these updates to remove outdated software. Specifically, the company deleted third-party “Agere Soft Modem” drivers from the OS. These drivers contained a two-year-old vulnerability known as CVE-2023-31096. Although few people still use dial-up modems, the drivers remained a potential entry point. By removing agrsm64.sys and agrsm.sys, Microsoft closed a gap that granted SYSTEM privileges to attackers.
Furthermore, Microsoft is preparing for a major certificate transition. Many Secure Boot certificates issued in 2011 are set to expire in June 2026. If these are not updated, some computers may fail to boot entirely. The January updates begin the process of replacing these old certificates with new 2023 versions. This proactive move ensures that the “root of trust” remains secure for years to come.
Unresolved Issues and Future Risks
Despite the emergency fixes, some problems remain unpatched. For example, many users report that “Outlook Classic” crashes when using POP email accounts. Microsoft has acknowledged this bug but has not provided a timeline for a fix. Additionally, some users are experiencing “black screen” errors after updating. These issues appear to involve compatibility problems with specific GPU drivers from NVIDIA and AMD.
The company is also implementing a “hardening” phase for the Kerberos protocol. This is part of a plan to stop using weak RC4 encryption. While this improves security, it could cause authentication errors in older network environments. IT teams must monitor their logs for new Kerberos audit events throughout this month. If they ignore these warnings, their systems might stop working during the next phase in April.
Recommendations for Users and IT Admins
Experts recommend that organizations prioritize the out-of-band updates immediately. If you cannot install the manual patches, you should use a “Known Issue Rollback” (KIR). This tool allows admins to disable the broken remote desktop code through Group Policy. For home users, the shutdown bug is mostly limited to enterprise-managed devices. If your computer shuts down normally, you likely do not need the manual emergency patch.
However, everyone should ensure they have the core January 13 security updates installed. The risk from CVE-2026-20805 and the 21 remote code execution flaws is high. Protecting against active exploitation is more critical than minor UI glitches. As Microsoft continues to refine these updates, users should keep an eye on the Windows Message Center. This official page provides the latest status on known issues and their resolutions.
Windows Emergency Update: Conclusion and Analysis
This month demonstrates the delicate balance Microsoft must strike. They must protect billions of users from sophisticated cyber threats. Yet, every security change risks breaking the tools that people use for work. The failure of Remote Desktop and the shutdown process shows that even standard features are fragile. Because these bugs appeared so quickly, critics are questioning Microsoft’s testing procedures.
Still, the speed of the emergency response is a positive sign. Releasing out-of-band fixes within four days of the initial error is an impressive turnaround. This rapid action helps prevent a wider crisis in the business world. For now, the focus shifts to whether the “Outlook Classic” and “black screen” bugs will receive similar attention. Users should expect another round of patches during the next “Preview” update cycle later this month.
Sources for Further Reading:
- Bleeping Computer: Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs
- Windows Latest: Microsoft confirms Windows 11 January 2026 Update issues, releases fix
- The Hacker News: Microsoft Fixes 114 Windows Flaws in January 2026 Patch
- Qualys Blog: Microsoft and Adobe Patch Tuesday, January 2026 Security Update Review
- Microsoft Support: January 17, 2026—KB5077797 Out-of-band Update Details







Leave a Reply