Microsoft is once again reminding admins and everyday Windows users that Patch Tuesday is not always the end of the story. You see, the company has released an out-of-band update to fix problems caused by the January 2026 Windows security update, after reports surfaced of serious connection failures and shutdown issues across multiple supported versions of Windows and Windows Server. The emergency update was published on January 17, 2026, and is available directly through the Microsoft Update Catalog.
The problems are not minor edge cases, either. Microsoft confirmed that remote connection and authentication failures are affecting multiple platforms, including Windows 11 version 25H2, Windows 10 version 22H2 ESU, and Windows Server 2025. In practical terms, this means that organizations relying on remote desktop tools, VPNs, or other authentication-dependent services could see users locked out, sessions failing to establish, or credentials being rejected even though nothing changed on their end. For businesses with hybrid or fully remote workforces, that kind of disruption can quickly turn into a full-blown outage.
There is also a separate and particularly frustrating issue hitting Windows 11 version 23H2 systems with Secure Launch enabled. On those devices, shutdown and hibernation can fail entirely, leaving machines stuck in an awkward powered-on state. For laptops, that can mean drained batteries and overheated bags. For desktops and workstations, it can mean systems that refuse to fully power down, which is the last thing IT teams want to see after pushing a security update meant to make machines safer.
Microsoft says the fix is an out-of-band update, which is its way of admitting that waiting until the next Patch Tuesday is not an option. These updates are released outside the normal schedule when the impact is considered severe enough to justify immediate action. In this case, Microsoft is recommending that if you have not yet deployed the January 2026 security update and your environment includes affected applications or features, you should install the out-of-band update instead of the original patch. That guidance alone tells you how confident Microsoft is that the original update caused real harm in production environments.
The emergency patches are split by Windows version and delivered as separate knowledge base updates. Windows 11 versions 25H2 and 24H2 receive KB5077744. Windows 11 version 23H2 receives KB5077797. Windows 10 version 22H2 ESU and Windows 10 Enterprise LTSC 2021 receive KB5077796. On the server side, Windows Server 2025 gets KB5077793, Windows Server 2022 gets KB5077800, and Windows Server 2019 and Enterprise LTSC 2019 get KB5077795. All of these updates are available through the Microsoft Update Catalog rather than Windows Update, which means admins need to manually download and deploy them or integrate them into their update-management systems.
This situation highlights a growing trend that many admins have been quietly complaining about for years. Windows updates are increasingly complex, and the blast radius of a bad patch keeps getting larger. With Windows now spanning consumer laptops, enterprise desktops, cloud-connected workstations, and mission-critical servers, a single flawed update can ripple across an entire organization in hours. Remote authentication issues are especially painful because they often block the very tools needed to troubleshoot the problem.
It also raises questions about Microsoft’s testing pipeline, especially as Windows 11 continues to add security layers like Secure Launch that interact deeply with firmware and power management. When those systems break, the results are not just annoying, they are disruptive in very real ways. A machine that cannot hibernate or shut down properly is not just inconvenient. It can shorten hardware lifespan, waste power, and create safety concerns in some environments.
For home users, the impact may be less obvious, but it is still worth paying attention. If you noticed remote desktop behaving strangely, VPN logins failing, or a Windows 11 system refusing to power off properly after the January updates, this out-of-band patch is likely the fix. The catch is that most consumers will never think to visit the Microsoft Update Catalog, so many will simply wait until Microsoft quietly rolls the fixes into a future cumulative update.
For IT admins, the message is clearer. Test patches carefully, even security updates, and keep an eye on Microsoft’s release health notices after every Patch Tuesday. Out-of-band updates are becoming less of a rare emergency and more of a recurring pattern, and that changes how Windows updates need to be managed. Sadly, the days of blind trust in monthly updates are long gone.
Support independent tech journalism
NERDS.xyz is independently owned and operated. If you enjoy my coverage of Linux, AI, hardware, cybersecurity, and tech culture, consider supporting the site on Ko-fi.
Support NERDS.xyz