Table of Contents
Why is the new Windows 11 Secure Boot update causing boot violations?
Microsoft released Preview Update KB5074105 for Windows 11 versions 24H2 and 25H2 on January 29, 2026. This release follows a turbulent patching period earlier this month. While this update addresses critical stability errors—specifically regarding GPU crashes and iSCSI boot failures—it introduces significant changes to the Secure Boot architecture.
My professional advice: Unless your system currently suffers from the specific crashes listed below, you should delay installation. This is an optional preview. The stable version of these fixes will arrive in the mandatory security update next month.
Critical Risk: Secure Boot Architecture Changes
The most sensitive component of this update involves the Boot Manager. Windows will replace the older 2011 signed bootmgfw.efi with a new 2023 signed version. This action updates the Secure Boot Signature Database (DB) on compatible devices.
The Risk: Modifying the DB or toggling Secure Boot settings post-update may trigger a “Secure Boot violation.” This error prevents Windows from loading.
The Solution: If you encounter this specific boot failure, you must create and deploy Secure Boot recovery media to restore access.
Essential Bug Fixes
This update resolves several high-impact defects affecting system stability and user experience:
- GPU System Crashes: Microsoft fixed a critical error involving dxgmms2.sys. Previously, specific GPU configurations triggered a KERNEL_SECURITY_CHECK_FAILURE Blue Screen of Death.
- iSCSI Boot Loops: Administrators utilizing iSCSI boot environments should note that the “Inaccessible Boot Device” error has been resolved.
- Login Interface: The missing Password icon on the lock screen, a persistent annoyance since update KB5064081, has been restored.
- Black Screen Events: The update corrects an issue where isolated multiuser environments displayed black screens immediately following a Windows upgrade.
- File Explorer Logic: The system now correctly respects desktop.ini configurations. Custom folder names defined by LocalizedResourceName will appear as intended.
New Administrative Capabilities
Microsoft has introduced functional changes for system administrators and IT professionals:
- Smart App Control (SAC) Flexibility: In a significant shift, administrators can now enable or disable Smart App Control without reinstalling the entire operating system. This removes a major friction point for enterprise deployment.
- DPAPI Key Management: A new feature allows for the automated rotation of Data Protection Application Programming Interface (DPAPI) domain backup keys. This enhancement strengthens cryptographic standards and retires obsolete encryption algorithms.
- AI Language Expansion: The “hiring agent” AI component now supports a broader range of languages, including Hindi, Japanese, Spanish, and German.
Final Recommendation
This update is optional and must be manually triggered via the Microsoft Update Catalog or Windows Update settings. Because preview updates essentially utilize the public as beta testers, stability is not guaranteed.
Wait for the cumulative security update scheduled for February. By then, any unforeseen issues introduced by KB5074105 will likely have mitigation strategies in place.