Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Find information on known issues and the status of the Windows 11, version 22H2 rollout. For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X (formerly Twitter) for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.
Summary | Originating update | Status | Last updated |
---|---|---|---|
Windows 11, version 24H2 might not download via Windows Server Updates Services Devices with April 2025 security update fail to download, showing error 0x80240069 | OS Build 22621.5189 KB5055528 2025-04-08 | Mitigated | 2025-05-05 17:39 PT |
August 2024 security update might impact Linux boot in dual-boot setup devices This issue might impact devices with dual-boot setup for Windows and Linux when SBAT setting is applied | OS Build 22621.4037 KB5041585 2024-08-13 | Mitigated | 2024-09-20 12:41 PT |
Status | Originating update | History |
---|---|---|
Mitigated | OS Build 22621.5189 KB5055528 2025-04-08 | Last updated: 2025-05-05, 17:39 PT Opened: 2025-04-29, 15:40 PT |
Devices which have installed the April Windows monthly security update, released April 8, 2025, or later (starting with KB5055528) might be unable to update to Windows 11, version 24H2 via Windows Server Update Services (WSUS). WSUS allows Servers with the WSUS role to defer, selectively approve, and schedule updates for specific devices or groups across an organization.
As part of this issue, the download of Windows 11, version 24H2 does not initiate or complete. Windows updates log can show error code 0x80240069, and further logs might include text similar to "Service wuauserv has unexpectedly stopped".
Home users are unlikely to experience this issue, as WSUS is designed for use across business and enterprise environments.
Resolution: This issue is mitigated using Known Issue Rollback (KIR) for enterprise-managed devices managed by IT departments that have installed the affected update and encountered this issue. IT administrators can resolve this issue by installing and configuring the Group policy listed below.
Group Policy downloads with Group Policy name:
- Download for Windows 11, version 23H2 and Windows 11, version 22H2 – Windows 11 22H2 KB5055528 250426_03001 Known Issue Rollback.msi (also applicable to Windows 11, version 23H2)
The special Group Policy can be found in Computer Configuration > Administrative Templates > <Group Policy name>. For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback.
Next steps: We are presently investigating and will provide an update when more information is available.
Affected platforms:
- Client: Windows 11, version 23H2; Windows 11, version 22H2
- Server: None
Status | Originating update | History |
---|---|---|
Mitigated | OS Build 22621.4037 KB5041585 2024-08-13 | Last updated: 2024-09-20, 12:41 PT Opened: 2024-08-21, 18:33 PT |
After installing the August 2024 Windows security update, (KB5041585) or the August 2024 preview update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”
The August 2024 Windows security and preview updates apply a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.
IMPORTANT: This known issue only occurs with the installation of the August 2024 security and preview updates. The September 2024 security update (KB5043076) and later updates do not contain the settings that caused this issue. If you install the September 2024 update, you don’t need to apply the workaround below.
Workaround:
If your Linux becomes unbootable after installing the August 2024 security or preview updates, you can recover your Linux system by following these instructions.
Important: This documentation contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, see How to back up and restore the registry in Windows. Also, note that modifying firmware settings incorrectly might prevent your device from starting correctly. Follow these instructions carefully and only proceed if you are confident in your ability to do so.
- Boot into your device’s firmware settings.
- Disable Secure Boot (steps vary by manufacturer).
- Boot into Linux.
- Open the terminal and run the below command:
sudo mokutil --set-sbat-policy delete
- Enter your root password if prompted.
- Boot into Linux once more.
- In the terminal, run the below command:
mokutil --list-sbat-revocations
- Ensure the list shows no revocations.
- Reboot into the firmware settings.
- Re-enable Secure Boot.
- Boot into Linux. Run the below command:
mokutil --sb-state
- The output should be “SecureBoot enabled”. If not, retry step d).
- Boot into Windows.
- Open Command Prompt as Administrator and run:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecureBoot\SBAT /v OptOut /d 1 /t REG_DWORD
At this point, you should now be able to boot into Linux or Windows as before. It’s a good time to install any pending Linux updates to ensure your system is secure.
NOTE: On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
Next Steps: We are working on a final resolution that will be available in a future Windows update. We recommend you install the September 2024 update or later Windows updates to avoid this issue.
Affected platforms:
- Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise 2015 LTSB
- Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Report a problem with Windows updates
To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.
Need help with Windows updates?
Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.
For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.
View this site in your language
This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.
Additional resources
Training
Learning path
Stay current with Windows devices and Microsoft 365 Apps - Training
Learn how to effectively roll out updates to Windows devices and Microsoft 365 Apps. You can deploy updates faster and support your remote workforce by following a three-phase process, **Plan > Prepare > Deploy**.
Certification
Microsoft Certified: Windows Server Hybrid Administrator Associate - Certifications
As a Windows Server hybrid administrator, you integrate Windows Server environments with Azure services and manage Windows Server in on-premises networks.