Microsoft has released an out-of-band Windows update to fix two disruptive bugs introduced by the most recent Patch Tuesday rollout. If you rely on Remote Desktop or manage PCs with Secure Launch enabled, this emergency patch should be at the top of your queue.
What Microsoft patched in this emergency Windows update
The first issue breaks sign-ins for some Remote Desktop scenarios. Microsoft says credential prompts can fail in certain remote connection apps, including the Windows App used for Azure Virtual Desktop and Windows 365. The problem is tied to authentication and affects specific builds of Windows 11 25H2, Windows 10 22H2 ESU, and Windows Server 2025. Coverage from BleepingComputer notes that users encountered outright sign-in failures after installing the latest security update, particularly when connecting to Cloud PCs.
The second bug hits shutdown behavior on devices with Secure Launch turned on. Instead of powering off or entering hibernation, impacted Windows 11 23H2 machines would reboot. Secure Launch, which extends protections against firmware-level threats using virtualization-based security, is commonly enabled on managed enterprise endpoints. The unexpected restarts complicate maintenance windows and can create endless reboot loops in scripted workflows.
These glitches arrived alongside a sizable security release that addressed more than 110 vulnerabilities, including multiple critical flaws and one already exploited in the wild, according to Microsoft’s security guidance. The emergency quality update specifically targets the two functional regressions without waiting for the next monthly cycle.
Who is affected by the Remote Desktop and shutdown bugs
Microsoft’s own notes indicate the Remote Desktop sign-in problem can appear when using the Windows App on client devices or within Azure Virtual Desktop and Windows 365 environments. Organizations that standardized on the new Windows App are more likely to feel the impact than those still using the classic Remote Desktop Connection client.
The shutdown issue is narrowly scoped to Windows 11 23H2 systems with Secure Launch enabled. Secure Boot alone is not the trigger; it is the Secure Launch configuration, more common on modern, managed devices, that provokes the restart-on-shutdown behavior.
If you do not use the Windows App for remote sessions or your devices do not have Secure Launch active, you may not see either problem. Still, admins should verify, because mixed environments can hide edge cases—especially where virtualization, Cloud PCs, and conditional access policies intersect.
How to get and deploy the Windows out-of-band fix
The out-of-band updates are delivered through Windows Update and should appear automatically on affected devices. To check manually, open Settings, go to Windows Update, and select Check for updates. If your device qualifies, the emergency patch will download and install; a restart will likely be required.
In enterprise environments, expect distribution through WSUS or your endpoint management platform once your IT team approves the release. If your organization pauses non-critical updates by policy, this one merits an exception for impacted groups—particularly call centers, support teams, and developers who depend on remote sessions.
As always, ensure firmware and driver baselines remain current. Because Secure Launch leverages virtualization-based security, outdated firmware or kernel-mode drivers can magnify shutdown and resume anomalies even after a Windows-side fix is applied.
Why these Windows bugs and the emergency patch matter
Remote Desktop is the backbone of many cloud-first workflows, and sign-in failures can stall entire teams. Incidents reported by administrators often include service desk backlogs, users stranded outside Azure Virtual Desktop sessions, and disrupted access to Windows 365 Cloud PCs. On the security side, Secure Launch helps block bootkits and early-boot tampering, so organizations do not want to disable it just to regain normal shutdown behavior.
This episode also underscores the operational tension of speed versus stability. The latest Patch Tuesday addressed a large slate of vulnerabilities, and emergency fixes like this are part of a mature remediation process. CISA and other defenders have repeatedly warned that delays in patching and misconfigurations around remote access are common factors in intrusions. Rapidly applying targeted quality fixes closes those gaps without waiting a full cycle.
Interim workarounds if you cannot patch today
If the Windows App is failing, some admins report better luck with the classic Remote Desktop Connection client or the web client for Azure Virtual Desktop while awaiting the update. For Secure Launch devices experiencing restarts on shutdown, schedule maintenance during low-usage windows and avoid scripted shutdowns until the fix is in place. Do not permanently disable Secure Launch unless advised by your security team and vendor support.
Bottom line: if your environment matches the affected profiles, install the emergency update as soon as it appears. It restores reliable remote access, prevents unnecessary reboots, and lets you keep modern security features switched on—exactly where they belong.
