Microsoft's Latest Update Locks Users Out Of Their Own Computers

A routine software update has spiraled into a major service disruption for millions. Microsoft has confirmed that its March 2026 cumulative update for Windows 11, designated KB5035853, is causing widespread authentication failures, preventing users from signing into their devices with Microsoft accounts. The admission, reported by BleepingComputer (@BleepinComputer), followed a surge of user reports across forums and social media, describing an endless loop of password prompts and error messages after installing the supposedly stable patch.

Internal documents show the update was flagged as a priority security release, bundling numerous fixes for vulnerabilities. However, engineers close to the project say the rollout has been anything but smooth. The core issue appears to be a breakdown in the communication between the updated local security subsystem and Microsoft’s cloud-based authentication servers. When a user attempts to sign in, the local process fails to properly validate credentials with Azure Active Directory, even if those credentials are perfectly correct. This isn't just an inconvenience for home users; it has frozen corporate employees out of managed devices, crippling productivity and triggering a flood of tickets to internal IT departments.

The impact is severe because the Microsoft account is the linchpin of the modern Windows experience. Being locked out means no access to synchronized files in OneDrive, no settings roaming between devices, and, for many, no ability to use app stores or certain subscription services tied to that identity. For businesses, it disrupts access to Entra ID (formerly Azure AD)-joined machines, a cornerstone of their zero-trust security models. The failure underscores the fragility of an ecosystem that has aggressively migrated authentication to the cloud, where a single flawed patch can have immediate, global consequences.

Microsoft has stated that it is investigating the issue and working on a resolution. The immediate guidance is for affected users to utilize known workarounds, such as signing in with a local account if one is available, using Windows Hello PIN or biometrics if they were previously set up, or leveraging system restore to roll back the update. What remains uncertain is the timeline for a formal fix. The company must now engineer, test, and deploy a new patch without introducing further instability, a process that could take days. In the meantime, the incident has effectively halted the automatic deployment of the March update for many, serving as another stark reminder of the risks inherent in mandatory, connected software ecosystems.

Source: https://x.com/BleepinComputer/status/2034896158888169804