The “Unstoppable” PC: Why Microsoft’s Latest Security Update is Refusing to Let Windows 10 Die
Do Son 
The cumulative updates disseminated by Microsoft in January for Windows 11 have precipitated a series of technical anomalies, notably an issue where certain devices fail to transition into a dormant sleep state or terminate their operations correctly; frequently, the system undergoes an involuntary reboot upon the user’s attempt to initiate a shutdown.
Microsoft has formally acknowledged that these defects have extended their reach to Windows 10, specifically affecting systems where Virtualization-Based Security (VBS/VSM) is active. Virtual Secure Mode (VSM) serves as a foundational security architecture, leveraging hardware virtualization to curate an isolated and fortified memory environment—a “secure kernel”—that remains distinct from the primary operating system. This segregation ensures that even in instances of severe malware infiltration, the protected enclave remains inaccessible to malicious actors.
Microsoft utilizes VSM to safeguard sensitive credentials, cryptographic keys, and security tokens from kernel-level exploits and “pass-the-hash” incursions, enabling advanced protections such as Credential Guard and Device Guard within Enterprise iterations of Windows 10 and 11.
The corporation reports that Windows 10 version 22H2, alongside the LTSC 2021 and 2019 editions, will experience these shutdown failures if the KB5078131 or KB5073724 updates are installed while VSM is enabled.
As an interim mitigation, Microsoft advises affected users to manually terminate their sessions via the command-line interface using the directive shutdown /s /t 0. A comprehensive resolution is currently being engineered to rectify this defect across both Windows 10 and 11 ecosystems.
It is worth noting that the majority of standard Windows 10 users likely do not have Virtual Secure Mode active, and thus their routine shutdown procedures should remain unimpeded. However, should an individual find their system afflicted, the aforementioned command-line protocol remains the most effective recourse.
Related Posts:
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
