Fix Windows 11 January 2026 Update Shutdown Bug: Complete Step-by-Step Guide

Overview

Microsoft’s January 2026 security update (KB5073455) for Windows 11 introduced a critical bug that prevents certain systems from shutting down properly. Instead of powering down or entering hibernation mode, affected PCs unexpectedly restart, creating a frustrating loop that compromises a fundamental operating system function. This comprehensive guide walks you through identifying the issue, implementing immediate workarounds, and deploying the permanent fix released by Microsoft.

Understanding the Windows 11 January 2026 Shutdown Bug

What Happened?

On January 13, 2026, Microsoft released its first security update of the year for Windows 11, identified as KB5073455. While intended to close multiple security vulnerabilities, this update inadvertently created a compatibility conflict with a critical Windows security feature called System Guard Secure Launch. Users experiencing this bug report that clicking “Shut Down” or “Hibernate” initiates the shutdown process, but instead of powering off, the system restarts unexpectedly.

Who Is Affected?

Microsoft’s official scope clarification reveals:

Affected Editions: Windows 11 Enterprise and Windows 11 IoT editions
Affected Versions: Windows 11 version 23H2 (older consumer edition)
Required Condition: System Guard Secure Launch must be enabled on the device
NOT Affected: Windows 11 Home, Pro, and 25H2 editions

Impact Assessment:
While Microsoft classified this as a limited-scope issue affecting a small percentage of devices, the consequences are significant for affected users. Enterprise environments with security-hardened systems were particularly impacted, as many organizations enable Secure Launch by default for firmware-level protection.

What Is System Guard Secure Launch?

System Guard Secure Launch is a Windows security feature introduced during the Windows 10 era designed to protect the boot process from firmware-level attacks and malware. By ensuring that systems boot using only trusted components, it creates an additional security layer that hardens the system against sophisticated threats. Ironically, this protection mechanism became the source of conflict with the January 2026 update.

Identifying If Your System Is Affected

Before implementing any fixes, determine whether your system experiences this shutdown bug.

Method 1: Check Your Windows Edition and Version

Step 1: Press the Windows Key + R to open the Run dialog
Step 2: Type winver and press Enter
Step 3: The Windows specifications window displays your current information

What to Look For:

Edition: Should show “Enterprise” or “IoT” (Home and Pro editions are not affected)
Version: Should show “23H2” (older editions are not affected)

Method 2: Verify System Guard Secure Launch Status (PowerShell Method)

For advanced users and IT professionals:

Step 1: Right-click on PowerShell and select “Run as Administrator”
Step 2: Copy and paste the following command:

powershellGet-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard" -Name "EnableVirtualizationBasedSecurity" -ErrorAction SilentlyContinue

Step 3: Press Enter

Interpreting Results:

If a value appears showing “1” or “True,” Secure Launch is enabled, and your system may be affected if you’ve installed KB5073455
If no result appears or shows “0,” Secure Launch is not enabled, and this bug does not affect your system

Method 3: Check Installed Updates

Step 1: Press Windows Key + R
Step 2: Type appwiz.cpl and press Enter
Step 3: Click “View installed updates” in the left panel
Step 4: Search for “KB5073455”

If this update is installed and you match the affected edition/version criteria, proceed to the fix steps below.

Immediate Workaround: Command-Line Shutdown Method

If your system is affected and you haven’t yet installed the permanent fix, use this temporary workaround to properly shut down your computer without restarting.

Why This Workaround Works

The bug specifically affects the GUI-based shutdown process when Secure Launch is enabled. The command-line method bypasses this problematic code path, allowing Windows to properly close running processes and power down the system. This approach is significantly safer than forcing a shutdown by holding the power button, which can result in data loss and file corruption.

Workaround Steps

Step 1: Press Windows Key + R to open the Run dialog

Step 2: Type cmd and press Enter (this opens Command Prompt)

Step 3: At the command prompt, type the following command exactly as shown:

textshutdown /s /t 0

Step 4: Press Enter

What This Command Does:

/s = Shut down the computer
/t 0 = Specify timeout in seconds (0 means immediate shutdown)

Before Executing: Ensure all work is saved. This command initiates shutdown immediately without further prompts.

Alternative: Using PowerShell

For users who prefer PowerShell:

Step 1: Right-click on PowerShell and select “Run as Administrator”

Step 2: Type the following command:

powershellStop-Computer -Force

Step 3: Press Enter

Hibernation Note: While the shutdown /h command exists for hibernation, Microsoft has not confirmed reliable functionality for hibernation on affected systems. Stick with the shutdown command until the permanent fix is applied.

Permanent Fix: Installing KB5077797

Microsoft released the official emergency fix on January 17, 2026, addressing the shutdown bug and other critical issues introduced by the initial January update.

Understanding KB5077797

Release Date: January 17, 2026 (Out-of-Band Release)
Affected Systems: Windows 11 version 23H2 with System Guard Secure Launch enabled
Additional Fixes Included: Remote Desktop connection failures and authentication issues

Out-of-band updates (OOB) are released outside the regular monthly update schedule when critical issues require immediate remediation.

Method 1: Installing via Windows Update (Recommended for Most Users)

Step 1: Click the Windows Start menu and select “Settings”

Step 2: In the Settings window, click “System” in the left sidebar

Step 3: Click “About” at the bottom of the System menu

Step 4: Under “Related links,” click “Advanced system settings”

Step 5: The System Properties window opens. Click the “System Protection” tab

Step 6: Click “Device Manager” button

Step 7: Alternative method – Press Windows Key + I and search for “Update”

Step 8: Click “Windows Update” from the search results

Step 9: Click “Check for updates”

Step 10: Windows Update will scan for available updates, including KB5077797

Step 11: If KB5077797 appears in the available updates, click “Install now”

Step 12: Follow the on-screen prompts and allow the update to complete

Step 13: When prompted, restart your computer to complete the installation

Timeline: Most users receive KB5077797 automatically within 1-2 weeks of its release. If you haven’t received it yet, manual installation (Methods 2 or 3) is recommended.

Method 2: Manual Download from Microsoft Update Catalog

For users who need the fix immediately or prefer manual control over updates:

Step 1: Open your web browser and navigate to the Microsoft Update Catalog:
https://catalog.update.microsoft.com/Home.aspx

Step 2: In the search box, type “KB5077797”

Step 3: Press Enter to search

Step 4: Locate the appropriate update file for your Windows version:

For 64-bit systems: Look for “Windows11-KB5077797-x64”
For 32-bit systems: Look for “Windows11-KB5077797-x86”

Step 5: Click the download link next to the appropriate file

Step 6: Save the .msu file to your Downloads folder

Step 7: Once downloaded, navigate to your Downloads folder

Step 8: Double-click the downloaded .msu file

Step 9: The Windows Update Standalone Installer window opens

Step 10: Click “Yes” when prompted by User Account Control

Step 11: Click “Install” to begin installation

Step 12: Wait for the installation to complete (may take 5-10 minutes)

Step 13: Click “Restart now” when prompted, or click “Restart later” to restart manually

Verification: After reboot, you can verify successful installation using Method 3 below.

Method 3: Using PowerShell for System Administrators

IT professionals managing multiple systems can use PowerShell for streamlined deployment:

Step 1: Open PowerShell as Administrator

Step 2: Verify the current installed updates:

powershellGet-HotFix | Where-Object {$_.HotFixID -eq "KB5077797"}

Step 3: If the update is not installed, first ensure the PSWindowsUpdate module is installed:

powershellInstall-Module PSWindowsUpdate -Force

Step 4: Then install the specific update:

powershellInstall-WindowsUpdate -KBArticleID "KB5077797" -AcceptAll -AutoReboot

Step 5: Wait for the installation and automatic restart to complete

This method is particularly useful for enterprise environments using Configuration Manager (SCCM) or Group Policy-based update deployment.

Enterprise Deployment: Using WSUS and Configuration Manager

For organizations managing Windows 11 across multiple systems, deploying KB5077797 through existing infrastructure ensures consistency and control.

Prerequisites for Enterprise Deployment

Access to Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager
Administrative credentials on the management server
Connected domain-joined systems running Windows 11 version 23H2
Understanding of your organization’s update deployment policies

WSUS Deployment Steps

Step 1: Log in to your WSUS server as an administrator

Step 2: Navigate to “Updates” → “All Updates” in the WSUS administrative console

Step 3: Search for “KB5077797” in the update list

Step 4: Right-click on KB5077797 and select “Approve”

Step 5: In the approval dialog, select the appropriate computer groups (e.g., “Windows 11 Systems” or “Enterprise Workstations”)

Step 6: Select “Approved for Install” and click “OK”

Step 7: Set the deadline for installation (recommended: within 48 hours for critical security fixes)

Step 8: Clients configured to use WSUS will automatically download and install the update according to their maintenance windows

Configuration Manager (SCCM) Deployment

Step 1: In Configuration Manager console, navigate to “Software Library” → “Software Updates” → “All Software Updates”

Step 2: Create a filter to search for KB5077797

Step 3: Create a new Software Update Group and add KB5077797

Step 4: Create a deployment for the update group, targeting the collection containing Windows 11 23H2 systems

Step 5: Set the deployment type to “Required” for immediate deployment or “Available” for optional deployment

Step 6: Monitor deployment status through the Configuration Manager dashboard

Post-Installation Verification and Testing

After installing KB5077797, verify that the shutdown functionality has been restored properly.

Step 1: Verify Update Installation

Using Settings:

Press Windows Key + I to open Settings
Navigate to “System” → “About”
Scroll down and click “Advanced system settings”
Under “System Protection” tab, click “Environment Variables”
Alternative: Open PowerShell and run:

powershellGet-HotFix | Where-Object {$_.HotFixID -eq "KB5077797"} | Select-Object HotFixID, Description, InstalledOn

Expected Output: The command should return KB5077797 with the installation date

Step 2: Test Normal Shutdown

Step 1: Click the Windows Start menu

Step 2: Click the Power icon (usually in the lower left)

Step 3: Click “Shut down”

Expected Behavior: The system should gracefully shut down without restarting

Step 3: Test Restart Function

Step 1: Click the Windows Start menu

Step 2: Click the Power icon

Step 3: Click “Restart”

Expected Behavior: The system should restart normally without any shutdown loop

Step 4: Test Hibernation (Optional)

For systems that use hibernation:

Step 1: Click the Windows Start menu

Step 2: Click the Power icon

Step 3: Click “Sleep” or “Hibernate” (if available)

Expected Behavior: The system should enter the selected power state without restarting

Step 5: Monitor System Event Logs

For IT professionals wanting detailed verification:

Step 1: Right-click on PowerShell and select “Run as Administrator”

Step 2: Execute the following command:

powershellGet-WinEvent -FilterHashtable @{LogName='System'; ID=1074,1076,6006,6008} -MaxEvents 10 | Format-Table TimeCreated, ID, LevelDisplayName, Message -Wrap

What These Event IDs Indicate:

1074/1076: System shutdown/restart initiated by a user or process
6006/6008: Clean vs. unexpected shutdown events

Review these logs to confirm clean shutdowns without unexpected restarts.

Troubleshooting: When the Fix Doesn’t Work

If shutdown problems persist after installing KB5077797, follow these additional troubleshooting steps.

Issue 1: Update Installation Fails

Symptoms: KB5077797 fails to install or shows an installation error

Solution – Step 1: Reset Windows Update Components

Step 1: Right-click PowerShell and select “Run as Administrator”

Step 2: Execute these commands one by one:

powershellnet stop wuauserv
net stop cryptsvc
net stop bits
net stop msiserver

Step 3: Rename the Windows Update cache folder:

powershellRename-Item -Path "C:\Windows\SoftwareDistribution" -NewName "SoftwareDistribution.old" -Force
Rename-Item -Path "C:\Windows\System32\catroot2" -NewName "catroot2.old" -Force

Step 4: Restart these services:

powershellnet start wuauserv
net start cryptsvc
net start bits
net start msiserver

Step 5: Return to Windows Update Settings and retry the update installation

Issue 2: System Still Restarts After Fix Installation

Symptoms: Even after installing KB5077797, shutdown still triggers restart

Solution – Check Fast Startup Setting:

Step 1: Right-click on PowerShell and select “Run as Administrator”

Step 2: Temporarily disable Fast Startup:

powershellpowercfg /hibernate off
powercfg /hibernate on

Step 3: Additionally, disable Fast Startup via Settings:

Press Windows Key + I
Navigate to “System” → “Power & Battery”
Scroll down and click “Power advanced settings”
Click “Power buttons and lid” → “Additional power settings”
Click “Choose what the power buttons do”
Click “Change settings that are currently unavailable”
Uncheck “Turn on fast startup”
Click “Save changes”

Step 4: Restart your computer and test shutdown functionality again

Issue 3: Secure Launch Conflicts Persist

Symptoms: Shutdown works with Secure Launch disabled but fails when enabled

Solution – Verify Secure Launch Status:

Step 1: Open Command Prompt as Administrator

Step 2: Check current Secure Launch status:

textbcdedit /enum | findstr -i "securelaunch"

Step 3: If you need to temporarily disable Secure Launch for troubleshooting:

textbcdedit /set {current} securelaunch Off

Step 4: Restart and test shutdown

Step 5: If shutdown works with Secure Launch disabled, re-enable it:

textbcdedit /set {current} securelaunch On

Step 6: Restart and test again with the permanent fix installed

Warning: Temporarily disabling Secure Launch reduces your system’s boot-time security. Only disable it for testing purposes, and ensure it’s re-enabled after confirming the fix works.

Comparison Table: Bug Impact and Solutions

Aspect	Details
Affected Update	KB5073455 (Released: January 13, 2026)
Emergency Fix	KB5077797 (Released: January 17, 2026)
Affected Editions	Windows 11 Enterprise, Windows 11 IoT
Affected Versions	Version 23H2 only
Root Cause	Incompatibility with System Guard Secure Launch
Bug Symptom	System restarts instead of shutting down/hibernating
Temporary Workaround	Command: `shutdown /s /t 0`
Permanent Solution	Install KB5077797
Data Risk with Workaround	Minimal if users save work; safer than force shutdown
Enterprise Impact Scope	Limited to legacy version (23H2) with Secure Launch enabled

Preventing Similar Issues: Best Practices

Understanding how this bug occurred helps prevent similar problems in the future.

1. Test Updates in Controlled Environments First

Before deploying Windows updates across your organization, test them in a dedicated lab environment that mirrors your production configuration, including security settings like Secure Launch.

2. Maintain an Inventory of System Configurations

Document which systems have Secure Launch or other advanced security features enabled. This inventory enables rapid identification of affected systems when issues arise.

3. Monitor Microsoft’s Known Issues List

Microsoft publishes detailed information about known issues at:

Windows Release Health Dashboard: https://learn.microsoft.com/en-us/windows/release-health/
Windows Latest and official Microsoft tech community forums

4. Implement Staged Update Deployment

Rather than deploying updates to all systems simultaneously, use a staged approach:

Wave 1: Small pilot group (5-10% of systems)
Wave 2: Department-level rollout (25-30% of systems)
Wave 3: Full deployment if no critical issues appear

5. Configure Windows Update for Business

Use Windows Update for Business to defer updates by 14-21 days, allowing Microsoft to identify and address critical issues before they reach your systems.

FAQ: Windows 11 January 2026 Shutdown Bug

Q: Does this bug affect Windows 11 Home or Pro editions?
A: No. Microsoft confirmed the shutdown bug only affects Windows 11 Enterprise and IoT editions running version 23H2 with System Guard Secure Launch enabled. Home and Pro editions are not affected by this issue.

Q: Is my data at risk if I use the command-line workaround?
A: The command-line workaround (shutdown /s /t 0) is safe and allows Windows to close applications properly. However, any unsaved work in open applications will be lost. Always save your work before executing the shutdown command.

Q: How do I know if Secure Launch is enabled on my system?
A: Run the PowerShell command provided in the “Identifying If Your System Is Affected” section. A value showing “1” or “True” indicates Secure Launch is enabled.

Q: Can I disable Secure Launch permanently to avoid this issue?
A: While disabling Secure Launch resolves the shutdown bug, it reduces your system’s security posture by removing boot-time protections against firmware-level attacks. Disable it only temporarily for troubleshooting, and re-enable it after installing KB5077797.

Q: What if KB5077797 doesn’t resolve the shutdown issue?
A: Follow the troubleshooting steps in this guide, particularly checking Fast Startup settings and verifying Secure Launch configuration. If problems persist, contact Microsoft Support and provide details about your system configuration.

Q: Will future Windows updates be more thoroughly tested?
A: Microsoft hasn’t made specific commitments, but the rapid emergency fix release (4 days after the initial update) demonstrates their commitment to addressing critical issues quickly. The importance of staged update deployment cannot be overstated.

Q: How long will KB5077797 be available?
A: Once the fix is integrated into regular monthly updates, it becomes permanent. Manual download from the Microsoft Update Catalog remains available indefinitely.

Q: Is hibernation working properly after installing KB5077797?
A: Yes. After installing KB5077797, both hibernation and normal shutdown should function correctly on affected systems.

Key Takeaways

Scope Understanding: The Windows 11 January 2026 shutdown bug specifically affects Windows 11 Enterprise and IoT editions (version 23H2) with System Guard Secure Launch enabled. Most users are not affected.
Immediate Solution: If your system is affected, use the temporary workaround shutdown /s /t 0 in Command Prompt until the permanent fix is available.
Permanent Fix: Install KB5077797, released by Microsoft on January 17, 2026. This emergency update completely resolves the shutdown and hibernation issues.
Enterprise Deployment: Organizations can deploy KB5077797 through existing update management infrastructure (WSUS, Configuration Manager) for coordinated system updates.
Prevention: Implement staged update deployment and maintain detailed system configuration inventories to minimize the impact of future update issues.

Also read: Fix Windows 11 Shutdown Bug KB5077797