If you manage Windows 11 devices in a corporate environment, you have probably felt some relief: Microsoft has indicated that it has fixed a fault that, after certain security updates were installed, left some devices unable to boot. The problem was resolved with the security update distributed on the February 2026 Patch Tuesday.
The situation started with a December 2025 update that was not applied properly on some devices, leaving the system in what Microsoft describes as an "incorrect state" after the installation was rolled back. When these devices tried to apply subsequent updates, including patches published from January 13, 2026, some were stuck on a black screen showing a boot volume error and could not complete startup without manual intervention. The failure appeared with the classic boot problem message and an error similar to UNMOUNTABLE_BOOT_VOLUME, which in the most serious cases forced restoration from recovery media.

According to information that has circulated in forums and expert analysis, Microsoft determined that the scope was limited: it affected a limited number of commercial physical devices running Windows 11 versions 25H2 and 24H2, and there were no widespread reports among home users or on virtual machines. The company shipped an initial fix in an optional package at the end of January (a non-security update), intended to prevent further devices from falling into the same problem. The final fix was included in the security update delivered on 10 February 2026, identified as KB5077181.
If you want to check the official publication and the history of Windows 11 versions, Microsoft's release status page is a good starting point: Windows release health (Microsoft). To search specifically for updates by KB number, the Microsoft Update Catalog lets you locate distributed packages: Microsoft Update Catalog: KB5077181. Microsoft's own tool that brings together security notices is also useful: Microsoft Security Update Guide.
Specialized media have followed this incident and have published summaries and analysis of its chronology and impact in business environments. An example of technical coverage that collects the sequence of events and reactions is the piece published by Bleeping Computer: Bleeping Computer. In addition, the community of administrators and consultants, represented by voices like Susan Bradley at AskWoody, has shared the content of private advisories addressed to business customers, which helped clarify that the resolution was first distributed through business-oriented channels: AskWoody / Susan Bradley.

However, important points remain for devices that had already suffered the boot failure before the fix arrived. Microsoft has warned that devices that have already become unusable may need additional steps to recover functionality and, in such cases, recommends that business customers contact Microsoft Support for Business to receive specialized assistance. This recommendation is important: although the subsequent update prevents more machines from being affected, it does not replace the technical intervention required to repair systems that were damaged in the process.
It is reasonable to ask why this notice was initially issued through private channels and was not published openly, as Microsoft has done in other known incidents. The reasons have not been made fully clear publicly, and this lack of transparency complicates the work of administrators in assessing the impact and the measures to take across their device fleets.
If you manage corporate environments, the practical thing now is to confirm which devices have received the February 2026 update (or later) and to review the update history to detect earlier problematic installations. If you find devices that have been unable to start since before the final patch, the recommended route is to seek specialized assistance for recovery. Maintaining recent backups and having recovery media and a contingency plan for mass deployments remains, as always, the best defence when a critical update has unforeseen adverse effects.
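
One way to carry out that check on devices that still boot, as an added PowerShell example that is not Microsoft's tooling or part of the original article. The KB number and dates come from the text above; the function name and status labels are hypothetical, and the sketch assumes remote WMI and event log access to the listed machines.

```powershell
# Added example. KB number and dates are taken from the article;
# Get-BootFixTriage and its status labels are hypothetical names.
$FixKb      = 'KB5077181'              # security update of 10 February 2026
$FixDate    = [datetime]'2026-02-10'
$WindowFrom = [datetime]'2025-12-01'   # start of the December 2025 update window

function Get-BootFixTriage {
    [CmdletBinding()]
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($computer in $ComputerName) {
        # Installed packages as reported by Win32_QuickFixEngineering.
        $hotfixes = @(Get-HotFix -ComputerName $computer -ErrorAction SilentlyContinue)
        $hasFix   = [bool]($hotfixes | Where-Object { $_.HotFixID -eq $FixKb })
        # A later cumulative update can be listed instead of $FixKb; flag it for manual review.
        $later    = @($hotfixes | Where-Object { $_.InstalledOn -and $_.InstalledOn -gt $FixDate })

        # Event ID 20 from the Windows Update client records a failed installation.
        $failures = @(Get-WinEvent -ComputerName $computer -ErrorAction SilentlyContinue -FilterHashtable @{
            LogName      = 'System'
            ProviderName = 'Microsoft-Windows-WindowsUpdateClient'
            Id           = 20
            StartTime    = $WindowFrom
        })

        $status = if ($hotfixes.Count -eq 0)  { 'Unreachable or no data' }
                  elseif ($hasFix)            { 'Fix present' }
                  elseif ($later.Count -gt 0) { 'Verify: later package only' }
                  else                        { 'Fix missing' }

        [pscustomobject]@{
            ComputerName   = $computer
            Status         = $status
            FailedInstalls = $failures.Count
            LastFailure    = ($failures | Select-Object -First 1).TimeCreated
        }
    }
}

# Local device by default; pass a list of names to sweep several machines.
Get-BootFixTriage | Format-Table -AutoSize
```

Devices that report failed installations since December 2025 and do not yet show the fix are the ones to update first and to cover with current backups and recovery media.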