An increasing number of Windows 11 users are experiencing an issue where their computers restart instead of shutting down completely. Microsoft confirmed that the flaw, which originated after a recent security update, affects a wider spectrum of devices than initially estimated. The unexpected behavior is directly linked to advanced operating system security settings.
The company’s investigation found that the trigger for the error lies in the interaction between the security patch and features such as Secure Launch and Virtual Secure Mode (VSM), technologies designed to protect the system boot process against firmware and malware threats. The flaw prevents the shutdown or hibernation cycle from completing correctly, forcing an automatic restart of the device.
Since the first reports in early January 2026, Microsoft has been monitoring the situation and has already started distributing an emergency fix to mitigate the impact. The solution is being implemented gradually through Windows Update, aiming to restore normal functionality without compromising the security of affected systems.
Security settings at the heart of the matter
Technical analysis revealed that the issue is more prevalent on systems where the Secure Launch feature is enabled. Essa protection layer, which uses virtualization technologies to isolate critical system components, is common in editions such as Windows 11 Enterprise and Education, often used in corporate and educational environments.
Devices that combine the use of the TPM 2.0 security chip with the Inicialização Segura (Secure Boot) functionality also demonstrated greater vulnerability to the bug. Embora Although these settings represent a modern security standard, interaction with the January update generated the conflict that prevents shutdown. Microsoft clarified that not all machines with these specifications are affected, but the correlation is significant.
Fault details and impacted versions
The bug was introduced with the cumulative security update distributed on January 13, 2026. Inicialmente, reports were concentrated in a small group of users, but the affected base expanded as more IT administrators and users applied the patch to their fleets of machines. The flaw mainly affects Windows 11 version 23H2, which is currently the most widespread.
Systems still operating on older versions, such as 21H2, have not experienced the issue, in part because support for these editions is being gradually phased out. On the other hand, machines that were already updated to the 24H2 preview version recorded a notably lower incidence, suggesting that changes to the system core may have prevented the conflict. Ambientes using Windows 11 IoT Enterprise were also included in the list of systems requiring attention.
The main symptom observed is the immediate restart of the computer after the user selects the “Shutdown” option in the Iniciar menu. The screen goes off as if the process was occurring normally, but within a few seconds the manufacturer’s logo appears and the operating system loads again. Esse cycle prevents the hardware from being completely turned off, maintaining power consumption.
In addition to shutdown, the hibernation function also proves to be inoperative for many users. When trying to hibernate, the computer either returns to the previous state without saving the session or simply restarts in the same way as when shutting down. Additional Relatos mention cases of crashes during the process, with the system’s coolers and LEDs remaining active indefinitely until a forced shutdown is performed.
Emergency solution via Known Issue Rollback
To contain the issue without requiring users to uninstall a critical security update, Microsoft has activated the Known Issue Rollback system (KIR). Essa technology allows the company to remotely disable the specific change that is causing the bug, rolling back only the problematic piece of code without affecting the rest of the security suite. KIR acts as a switch that corrects unwanted behavior, ensuring that protections against other vulnerabilities remain active on the system. Distribution of this fix is automatic to consumer and unmanaged computers, with full propagation taking between 24 and 48 hours to reach all devices connected to Windows Update. In corporate environments, IT administrators have the option to speed up the process by implementing specific group policies that force rollback to be applied immediately across the entire network. Essa centralized approach is essential to guarantee stability on a large scale, preventing hundreds or thousands of machines in an organization from remaining with faulty behavior. The company provided the necessary technical documentation so that information technology teams can apply the repair in a controlled and efficient manner.
Temporary measures and recommendations
While the automatic fix does not reach all devices, Microsoft advises users not to perform forced shutdowns by repeatedly pressing the power button. Essa practice, although it resolves the situation momentarily, increases the risk of file corruption and can cause instability in the operating system in the long term. Manually checking for new updates through the “Settings” and “Windows Update” menu is the first recommended measure.
For advanced users and IT administrators who require an immediate solution, temporarily disabling Secure Launch through an edit to the Windows registry or via group policies (GPO) resolves the issue instantly. Contudo, this approach implies reducing the level of security at system startup, and should be considered a palliative measure and reverted as soon as the definitive fix for Microsoft is applied.
Update history and next steps
The Windows ecosystem is no stranger to issues arising from updates, especially when they involve complex security features. Versões earlier than Windows 11, such as 22H2, already faced compatibility issues that affected performance and stability. The company has invested in improving its testing processes, using validation rings and insider programs to identify bugs before large-scale release, but the vast diversity of hardware and software on the market continues to be a challenge.
Microsoft is already developing a permanent patch that will fix the root cause of the shutdown issue. Essa final solution will be integrated into the next monthly update cycle, known as “Patch Tuesday”, scheduled for February 2026. The company also maintains a public page, the Windows Release Health Dashboard, where users can track the official status of known issues and their resolutions.
Microsoft shares
The company reported that monitoring of the problem remains active and that technical support channels are prepared to assist users who still face difficulties even after implementing emergency fixes.
