Windows 11 January 2026 Patch Tuesday: OOB Fixes for RDP and Secure Launch

Microsoft moved quickly to contain a trio of disruptive regressions introduced by the Windows 11 January 2026 Patch Tuesday wave, shipping targeted out‑of‑band (OOB) updates that restored Remote Desktop sign‑in flows and fixed a configuration‑dependent shutdown/hibernate bug — while a separate Outlook Classic (POP/PST) problem remains under investigation and, for some users, still unusable.

Background / Overview​

Microsoft’s normal Patch Tuesday cadence delivered the January 2026 cumulative updates on January 13, 2026. Within days, telemetry and community reports flagged three distinct problems:

• Remote Desktop authentication and sign‑in failures affecting the modern Windows Remote Desktop App and cloud desktop services such as Azure Virtual Desktop and Windows 365 Cloud PCs.
• A Secure Launch shutdown/hibernate regression that caused some Windows 11 version 23H2 systems with System Guard Secure Launch enabled to restart instead of powering off or hibernating.
• Outlook Classic (POP/PST) hangs and crashes for profiles that use POP or have PST files stored on cloud‑synced locations such as OneDrive.

Microsoft acknowledged the regressions and issued emergency corrections on January 17, 2026 (with follow‑up OOB and hotpatch packages later in the month). The vendor’s OOB KB pages list Remote Desktop and Secure Launch fixes explicitly, while the Outlook Classic issue remains listed as investigating on Microsoft’s st.micro

---

Timeline: What happened and when​

• January 13, 2026 — Microsoft published the January cumulative security updates (Patch Tuesday), including LCUs for Windows 11 servicing branches. These e regression symptoms observed in the days that followed.
• January 13–16, 2026 — Field reports and forum threads documented Remote Desktop sign‑in failures and Secure Launch shutdown anomalies; Outlook Classing hangs and PST redownload issues.
• January 17, 2026 — Microsoft released initial out‑of‑band updates: KB5077797 for Windows 11 version 23H2 and KB5077744 for Windows 11 24H2/25H2 (and companion KBs for Server and ESU channels) to remediate Remote Desktop and Secure Launch problems.
• January 24, 2026 — Microsoft rolled additional OOB and hotpatch packages (for example KB5078127 and hotpatch KB5078167) that consolidated prior fixes and addressed file‑system/cloud storage interactions that created app‑hang scenarios, including some Outlook/PST behaviors.

This chronology is documented on Microsoft’s update pages and corroborated by independent coverage and community reporting.

---

The fixes Microsoft shipped (what each KB does)​

KB5077797 — Windows 11, version 23H2 (OS Build 22631.6494)​

• Purpose: OOB cumulative update that rolls the January 13 fixes forward and resolves Remote Desktop sign‑in failures and the Secure Launch restart‑on‑shutdown/hibernate regression on affected 23H2 devices. The package includes a servicing stack update (SSU).
• Operational note: The combined SSU+LCU packaging changes uninstall semantics — Microsoft documents that removing the combined package requires DISM/Remove‑Package and that wusa.exe /uninstall will not remove the SSU.

KB5077744 — Windows 11, versions 24H2 and 25H2​

• Purpose: OOB cumulative update to restore Remote Desktop authentication and credential‑prompt flows that were broken by the January 13 update on those branches; includes a servicing stack update and hotpatch/hotfix mechanics for certain channels.

KB5078127 and KB5078167 (January 24 hotpatch / OOB)​

• Purpose: Consolidate the January fixes, address file system and cloud‑storage interactions that could cause applications to become unresponsive when interacting with OneDrive/Dropbox, and deliver hotpatch behavior (no reboot required for eligible devices in KB5078167). These packages explicitly address the Outlook/PST/OneDrive hang scenarios reported after earlier updates.

Independent outlets and community threads confirm that these packages were Microsoft’s rapid response to user‑facing regressions introduced by the January 13 cumulative updates. (windowscentral.com)

---

Technical anatomy: why these regressions happened​

Secure Launch, servicing orchestration, and the shutdown path​

System Guard Secure Launch is a virtualization‑based early‑boot protection that changes how the platform initializes and enforces a measured boot. Cumulative updates use multi‑phase servicing: staging files online and committing them offline during a restart or shutdown. On certain firmware/driver combinations, Secure Launch’s altered boot and pre‑OS semantics interfered with the offline commit sequence and the OS’s ability to preserve the final power intent (shutdown ve). To ensure update commits complete, the system fell back to performing a restart — the safer servicing outcome — producing the observed symptom: a brief black screen followed by an unexpected reboot. Microsoft characterized this as a configuration‑dependent interaction rather than a universal failure.

Remote Desktop authentication flow break​

The Remote Desktop regression surfaced during the authentication phase for modern RDP clients (notably the Windows App, AVD, and Windows 365 clients). The break occurred before session creation — repeated credential prompts, aborted authentication handshakes, or immediate sign‑in failures prevented connections to Cloud PCs and brokered desktops. Because the symptom presented across multiple servicing branches and client types, Microsoft shipped targeted fixes for RDP authentication libraries and the affected broker flows in several OOB packages.

Outlook Classic (POP/PST) hangs — cloud storage interplay​

Outlook Classic profiles that store PST files on OneDrive (or other cloud‑sync services) could hang, refuse to exit, or redownload previously retrieved messages after the January updates. Microsoft’s advisory notes that application hangs when opening or saving files to cloud‑based storage were observed and that moving PST files out of OneDrive is a recommended workaround while investigation continues. The vendor lists this issue as investigating and has pushed subsequent OOB packagress file‑system/cloud storage interactions.

---

Who was affected — scope and scale​

Microsoft described the Secure Launch shutdown regression as configuration‑dependent and therefore concentrated on devices where System Guard Secure Launch is enabled — primarily enterprise, education, and some IoT images. The Remote Desktop authentication failures had a broader footprint, touching Windows 11 23H2/24H2/25H2, select Windows 10 ESU channels, and some Windows Server SKUs where the modern Windows App or cloud broker flows are used. The Outlook Classic issue affected users with POP profiles or PSTs stored on cloud‑synced folders; Microsoft lists multiple client and server targets in the advisory. Precise counts were not published publicly; Microsoft and community reporting indicate the number of impacted endpoints was small relative to the overall installed base, but high‑impact where it hit (for example, call centers, Cloud PC users, or managed fleets).
Note: Microsoft has not published exact telemetry counts for affected devices. Where you see language such as “a relatively small number,” treat that as the vendor’s qualitative assessment and not a quantified metric.

---

Practical guidance: what users and admins should do now​

Below are step‑by‑step mitigations and best practices, prioritized for safety and minimal disruption.

Immediate steps for end users (non‑administrators)​

• Check Windows Update and install any available OOB updates: if your device has already received the January 17 or January 24 packages (for example, KB5077797, KB5077744, KB5078127, or KB5078167), install them and reboot if prompted. Microsoft’s KB pages list what each OOB contains.
• If your system restarts instead of shutting down and you have Secure Launch enabled, try the deterministic shutdown command from an elevated Command Prompt: shutdown /s /t 0. This bypasses the failing GUI power‑intent path and was listed as an emergency workaround by Microsoft.
• If Outlook Classic (POP/PST) is hanging and your PST is stored on OneDrive, temporarily move PST files out of OneDrive or use webmail as a stopgap. Microsoft recommends moving PSTs off cloud‑synced folders until a permanent fix is published.

Recommended actions for IT admins and managed environments​

• Prioritize deployment of Microsoft’s OOB packages that match your servicing branch: KB5077797 (23H2), KB5077744 (24H2/25H2), and the January 24 consolidations (KB5078127 / hotpatch KB5078167 where applicable). These fixes restore RDP sign‑ins and address Secure Launch behavior.
• Use Known Issue Rollback (KIR) and Group Policy where appropriate rather than wholesale uninstall of the January LCU when possible. KIR enables targeted rollbacks of specific changes without removing the entire cumulative update. Microsoft’s guidance for enterprise rollouts advocates targeted mitigations to preserve security posture.
• If you must remove the LCU, be aware the combined SSU+LCU packaging changes uninstall behavior: the SSU cannot be removed by wusa.exe; instead use DISM with Remove‑Package and carefully follow Microsoft’s documented steps. Always validate the package identity with DISM /online /get-packages before removal and ensure you have full backups or a rollback plan.
• For Cloud PC, AVD, and Windows 365 environments, consider temporary fallbacks while remediation is applied: use the classic Remote Desktop Connection client or the AVD/Cloud PC web client to restore access for affected users until the OOB patch is deployed.
• Test OOB and hotpatch packages in a representative staging ring before broad deployment — hotpatches (for eligible SKUs) can apply without restart, t remediation path. KB5078167 documents hotpatch mechanics and the no‑restart benefit for eligible environments.

---

How to verify whether the fixes are installed and what to look for​

• Windows Settings > Windows Update > View update history will show installed KBs and hotpatches by KB number and install date. Microsoft’s KB pages list the package names and OS build numbers for verification.
• Check OS build via winver to confirm the OS Build matches the one listed on the KB page (22631.6494 for KB5077797 on 23H2).
• For enterprise inventories, use your management platform (Intune, SCCM, WSUS, Autopatch) to report installed updates by KB number and to expedite deployment to critical rings. Microsoft’s OOB KB pages include Intune and Autopatch guidance for expedited quality updates.

---

Critical analysis: strengths, shortcomings, and operational risks​

Notable strengths​

• Microsoft’s response speed was fast: within four days of the January 13 rollout the company published OOB corrective patches (January 1th additional consolidations and hotpatches on January 24. Rapid emergency updates reduced downtime risk for many cloud‑desktop and managed deployments.
• The vendor publishee interim workarounds (shutdown command, alternative RDP clients) and documented known issues on official support pages, enabling administrators to triage while awaiting fixes.

Shortcomings and risks​

• Packaging and uninstall complexity: combining SSUs and LCUs into a single package changes rollback semantics and complicates uninstallation. Administrators who attempt quick rollbacks without following Microsoft’s DISM guidance risk leaving SSUs in place or failing to remove the regressed LCU cleanly. Microsoft’s KB warns that wusa /uninstall will not remove SSUs.
• Regressions from security updates demonstrate a persistent risk: low‑level security/firmware/boot changes can interact unpredictably with platform protections such as Secure Launch, creating reliability regressions in operationally sensitive subsystems like power management. That dynamic poses a continuing supply‑chain challenge for patch governance in large fleets.
• The Outlook Classic (POP/PST) issue shows cross‑product interactions (Windows servicing + Office + cloud‑sync providers) can produce emergent failures that are harder to detect in pre‑release testing, particularly when customer environments use non‑default storage layouts (PSTs on OneDrive). Microsoft’s ongoing investigation and the need for follow‑up hotpatches illustrate this complexity.

Operational advice (tradeoffs)​

• For critical fleets that rely on Cloud PCs and brokered desktops, apply the relevant OOB updates to restore access quickly; delaying may leave users unable to sign into remote sessions. For unmanaged consumer devices that do not use Secure Launch, the risk of the shutdown regression is lower, but the Outlook/PST symptoms may still apply for PSTs on OneDrive.
• Avoid knee‑jerk, blanket uninstalls of January LCUs unless you have a tested rollback path and verified backups; prefer KIR or controlled DISM removal procedures when necessary to keep devices patched for security while removing only the problematic changes.

---

What remains unresolved and what to watch for​

• Outlook Classic behavior for POP/PST profiles remains under active investigation on Microsoft’s advisories; while later OOB packages attempt to address cloud‑storage interactions, users relying on classic Outlook should assume at least temporary disruption until Microsoft publishes a confirmed fix. Use webmail or move PSTs out of OneDrive as interim mitigations.
• Microsoft’s ongoing updates (hotpatches and subsequent cumulative rollups) could adjust known issue status and uninstall mechanics; admins must monitor Microsoft’s Release Health and update history pages closely and plan rolling test deployments before mass rollout.

Cautionary note: community reports and vendor advisories are consistent on symptoms and fixes, but Microsoft has not published a numerical breakdown of affected device counts; any claim about “widespread” vs “limited” impact should be treated with that limitation in mind.

---

Practical checklist for admins (quick reference)​

• Inventory devices to identify those with System Guard Secure Launch enabled.
• Prioritize deployment of the matching OOB for each servicing branch (KB5077797 for 23H2; KB5077744/KB5078127/KB5078167 for 24H2/25H2 and hotpatch‑eligible SKUs).
• For Cloud PC/AVD users, enable fallback to classic RDP or web clients until patches are validated.
• If uninstalling the LCU, follow Microsoft’s documented DISM Remove‑Package guidance and verify SSU presence before attempting wusa uninstall.
• For Outlook POP/PST users with PSTs on OneDrive, move PSTs out of cloud‑synced folders and use webmail until a confirmed fix is available.

---

Final assessment and recommendations​

Microsoft’s rapid issuance of out‑of‑band updates on January 17 and the consolidated hotpatch/OOBs on January 24 show a responsive incident handling process that prioritized restoring remote access and fixing platform‑level power behavior. That responsiveness reduced downtime risk for many enterprise and Cloud PC users, and later hotpatches reduced operational impact by enabling no‑restart remediation for eligible systems.
However, the incident highlights persistent systemic risks in modern cumulative servicing:

• Packaging SSU with LCU complicates rollbacks and requires administrators to update rollback playbooks.
• Deep security features like System Guard Secure Launch can interact unpredictably with servicing logic, necessitating more targeted pre‑release testing on enterprise images.
• Cross‑product interactions (Windows servicing + Office + cloud sync) can produce emergent failures that are difficult to simulate at scale.

For readers and administrators: treat the immediate OOB packages as necessary fixes (install them after testing), use the documented workarounds where appropriate, and update operational runbooks to include DISM removal procedures and KIR options. Keep monitoring Microsoft’s Release Health pages and the official KB entries for status changes on the Outlook Classic investigation and any further hotfixes.

---

Microsoft’s January 2026 servicing cycle offers an instructive case study: patch fast, but test faster — especially when updates touch boot‑time protections, remote‑access authentication, and application interactions with cloud storage. The vendor responded quickly and released fixes that address the most disruptive regressions, but administrators should remain cautious: validate deployments, prepare for nuanced rollback steps, and treat the Outlook Classic issue as unresolved until Microsoft confirms a permanent remediation.

---

Source: El-Balad.com Microsoft Resolves Windows 11 January 2026 Update Bugs with New Fix