At the beginning of this month, reports of Windows 11 equipment were released and stopped starting after installing the January 2026 cumulative updates. The users found a blue screen with the failure to stop related to the boot volume, known technically as UNMOUNTABLE _ BOOT _ VOLUME, which prevents the operating system from accessing the disk where Windows is installed.
Microsoft has clarified that these failures are essentially not caused by the January per se update, but by an earlier sequence: failed attempts to apply the December 2025 security patch. According to the company, these previous attempts left some teams in what they call an "improper" or unstable state after reversing the installation. When these systems later attempted to implement the January update (identified by users such as KB5074109), the update process exposed this instability and in some cases caused the boot failure.
The technical description of the symptom - the blue screen with error code related to the boot volume - corresponds to a problem where the system cannot mount the partition containing the files needed to start. Microsoft keeps documentation about this kind of errors in its debugging center, which explains how and why the 0xED bug can appear ( UNMOUNTABLE _ BOOT _ VOLUME) in certain circumstances: Microsoft technical documentation.
Microsoft's research, published in an updated notice and cited by community specialists, indicates that the situation is concentrated in physical equipment; for now there is no evidence that virtual machines are affected in the same way. In addition, the company has announced that it is preparing a partial solution to prevent more devices from entering an unstarted state by trying to update when they are already in that unstable condition. It is important to stress that this partial measure does not correct equipment that can no longer start or avoid all cases in which the system can be left in that state after a first failed update installation.
Managers and domestic users confronted with the problem are facing a prudent decision: to minimize exposure risk until Microsoft deploys complete corrections. For fleet managers, this often results in stopping the automatic implementation of January's update on potentially vulnerable machines and reviewing the update history to identify failed attempts in December. The official status and health page of Windows versions is a good starting point for following Microsoft communications and warnings: Windows Release Health.
If you already meet a computer that does not start and shows the boot volume error, there are recovery steps that can help, depending on the underlying cause. The Windows Recovery Environment (WinRE) offers tools such as start repair, system restoration or restoration from an image; in addition, low-level utilities such as chkdsk can repair damaged file system sectors and structures. Microsoft documents the use of the recovery environment and the chkdsk command on its official pages, useful resources before proposing a complete reinstallation: Windows Recovery Environment (WinRE) and chkdsk documentation.
Caution should be exercised: running repair operations without backup can make the problem worse if the disk presents physical failures. If the data are critical, the safest alternative is to use professional recovery services or certified technical support before applying invasive procedures. For corporate environments, activate backup policies and restoration points, and maintain a test strategy on isolated machines before deploying patches, significantly reduces the impact of situations like this.
The technical community and specialized sites have followed the case closely. An example of follow-up and discussion among administrators can be found in the AskWoody forums, where testimonies and catches of the updated notice were shared: thread in AskWoody. Microsoft, for its part, continues to investigate why some equipment does not complete upgrade facilities or remain in an unstable state after a reversal, and will report new measures as more complete solutions are available.
In summary, the problem identified in January 2025 is the result of an interaction between previous failed attempts (December 2025) and successive updates. The most sensible recipe at this time is prudence: to postpone the massive installation of the problem update, to monitor official Microsoft communications and to have prepared recovery procedures and backup before intervening. Keep an eye on Microsoft updates and official recovery guides before making repair decisions on affected equipment.
Safety alert Drug critical vulnerability of SQL injection in PostgreSQL requires immediate update
Drucal has published safety updates for a vulnerability qualified as "highly critical" which affects Drumal Core and allows an attacker to achieve arbitrary SQL injection in sit...
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...