Windows Updates: New Boot Certificates, Error Fixes, and New Problems
Microsoft released unplanned updates over the weekend. They correct errors in the January patches and bring new boot certificates.
(Image: heise online / dmk)
Microsoft released several Windows updates over the weekend. They partially fix issues with the security patches from the January Patch Day. Additionally, Microsoft is beginning to replace Windows' boot certificates expiring in June with its own updates. The manufacturer is now investigating newly occurring problems.
Microsoft has released an out-of-band update that is intended to resolve issues with applications no longer responding after installing the January patches. "After installing the Windows update released on and after January 13, 2026, some applications stopped responding or encountered unexpected errors when opening files from or saving files to cloud-based storage such as OneDrive or Dropbox," Microsoft explains regarding the errors corrected by it. The update also caused Outlook to hang when its PST files were stored on OneDrive.
In the Windows Release Health Message Center Microsoft writes that the update is available for many versions and is cumulative, meaning it includes the security fixes from the January update: Windows 11 25H2 and 24H2 (KB5078127), Windows 11 Enterprise 25H2 and 24H2 (Hotpatch KB5078167), Windows 11 23H2 (KB5078132), Windows 10 ESU (22H2) and Enterprise LTSC 2021 (KB5078129), Windows Server 2025 (KB5078135), Windows Server 2025 Datacenter: Azure Edition (Hotpatch KB5078239), Windows Server 23H2 (KB5078133), Windows Server 2022 (KB5078136), Windows Server 2022 Datacenter: Azure Edition (Hotpatch KB5078238) and Windows Server 2019 as well as Windows 10 Enterprise LTSC 2019 (KB5078131).
New Secure Boot Certificates
Microsoft has also begun distributing its own Windows updates to replace Secure Boot certificates. This may lead to unexpected restart prompts.
(Image:Â heise medien)
Apparently, Microsoft is initially only replacing one out of four certificates, the Key Exchange Key (KEK). The certificate "Microsoft Corporation KEK CA 2011" is being replaced by "Microsoft Corporation KEK 2K CA 2023". It is used for signing DB (database of allowed signatures) and DBX (database of disallowed signatures). Last June, Microsoft sought public input to prepare admins for the upcoming certificate exchange for the Secure Boot certificates expiring this June – now it's starting.
Videos by heise
Meanwhile, Microsoft is investigating issues with computers that fail to boot after installing the January patches, displaying the error message "UNMOUNTABLE_BOOT_VOLUME". This was posted by admins from Microsoft's message center on Reddit. Windows 11 25H2 and 24H2 are affected. However, since the problem can occur after installing the January patches from January 13, 2026, it is apparently not related to the now updated Secure Boot certificates.
(dmk)
