Microsoft Confirms Shutdown Bug Hits Windows 10 and Windows 11 Systems With VSM Enabled

Listen to this Post

Featured ImageIntroduction: A Security Feature Turns Into a System Stability Headache

Microsoft has acknowledged a critical Windows shutdown issue that quietly crosses version boundaries. What initially appeared to be a Windows 11–specific problem has now been confirmed to also affect multiple Windows 10 editions when a powerful security feature—Virtual Secure Mode (VSM)—is enabled. The issue highlights a recurring tension in modern operating systems: advanced security hardening can sometimes introduce unexpected system-level instability, especially when combined with recent cumulative updates.

Summary of the Original

Microsoft has officially confirmed that a known shutdown bug affecting Windows 11 systems also impacts Windows 10 devices when Virtual Secure Mode (VSM) is enabled. VSM is a core Windows security technology that uses hardware virtualization to isolate sensitive parts of the operating system in a protected memory region known as the secure kernel. This design makes it extremely difficult for malware—even with kernel-level access—to steal credentials, encryption keys, or security tokens. VSM underpins several enterprise-grade protections, including Credential Guard, Device Guard, and Hypervisor-Protected Code Integrity, primarily available in Windows 10 and Windows 11 Enterprise editions.

The issue was first publicly acknowledged on January 15, when Microsoft confirmed that Windows 11 version 23H2 systems running the KB5073455 cumulative update were unable to shut down properly if System Guard Secure Launch was enabled. Instead of powering off or entering hibernation, affected systems would automatically restart. To mitigate the issue, Microsoft released emergency out-of-band updates two days later and advised users who could not install them to manually shut down their systems using the command shutdown /s /t 0.

More recently, Microsoft updated its Windows release health dashboard to confirm that the same shutdown bug also affects Windows 10 version 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 Enterprise LTSC 2019. This occurs when VSM is enabled after installing the KB5078131 and KB5073724 updates. As with Windows 11, affected Windows 10 users are advised to rely on the same command-line shutdown workaround until a permanent fix is released.

Microsoft clarified that Secure Launch–capable PCs with VSM enabled may be unable to shut down or hibernate after installing Windows updates released on or after January 13, 2026. Instead, the system restarts automatically. The company stated that a solution is planned for a future Windows update and that more details will be shared once available.

This issue follows other recent Windows update problems Microsoft has addressed, including a bug that caused security software to incorrectly flag a core Windows component as malicious across both client and server platforms, and another issue that removed the password sign-in option from the Windows 11 lock screen after certain updates released since August 2025.

What Undercode Say:

This incident reinforces a pattern that has become increasingly familiar in modern Windows environments: the more deeply security is embedded into the operating system, the higher the risk that a single regression can ripple across multiple versions and editions. Virtual Secure Mode is not a fringe feature—it is foundational for enterprises that rely on credential isolation, virtualization-based security, and firmware-level boot protection. When such a feature breaks basic system functionality like shutdown or hibernation, it becomes more than an inconvenience; it becomes an operational risk.

What stands out is that the issue affects both Windows 11 and Windows 10 LTSC editions, which are often deployed in environments where stability and predictability are prioritized over rapid feature updates. These systems are commonly found in critical infrastructure, industrial environments, healthcare, and long-term enterprise deployments. A forced restart instead of a shutdown can disrupt maintenance workflows, interfere with patching cycles, and in some cases even risk data integrity.

The workaround Microsoft provides—using a command-line shutdown—is functional but far from ideal. It assumes administrative access, technical awareness, and manual intervention, all of which increase operational overhead. For organizations managing hundreds or thousands of endpoints, this is not a scalable solution. It also highlights how emergency out-of-band patches, while necessary, are often reactive rather than preventive.

Another important angle is the interaction between Secure Launch, firmware protections, and virtualization-based security. These components operate at a layer where traditional testing may miss edge cases that only surface on specific hardware configurations. As Windows continues to push security boundaries closer to the hardware, update validation becomes exponentially more complex.

From a strategic standpoint, this bug underscores the need for enterprises to stage updates carefully, even for security-focused patches. Blindly enabling advanced protections without validating post-update behavior can introduce downtime that outweighs the immediate security benefits. Microsoft’s transparency via the release health dashboard is a positive step, but faster root-cause communication would help organizations make more informed risk decisions.

Fact Checker Results

✅ Microsoft officially confirmed the shutdown issue affects both Windows 10 and Windows 11 with VSM enabled

✅ The affected updates and Windows editions align with Microsoft’s release health documentation

❌ No confirmed release date yet for the permanent fix for VSM-enabled Windows 10 systems

Prediction

🔮 Microsoft will likely bundle the permanent fix into a broader cumulative update rather than another emergency patch.
🔮 Enterprises may temporarily disable VSM on non-critical systems to maintain operational stability.
🔮 This issue will accelerate calls for more granular control over security feature rollouts in Windows environments.

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: www.bleepingcomputer.com
Extra Source Hub (Possible Sources for article):
https://www.linkedin.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon