Just when it seemed that Microsoft had reached a low point with its Windows security updates, another setback has emerged. Following the recent Patch Tuesday updates, the company has confirmed that Windows Hello, its biometric authentication feature, has encountered significant issues. Users are now left grappling with login difficulties that stem from the latest security patches.
Hello Security Update, Goodbye Windows Hello
Three statements stand true in this scenario:
- Windows 11 is touted as the most secure version of Microsoft’s operating system to date.
- Windows Hello offers a secure method for user authentication.
- Patch Tuesday security updates are crucial for safeguarding systems and data against potential threats.
However, as some users have recently discovered, the intersection of these truths can lead to unforeseen complications.
After the installation of update KB5055523, part of the April Patch Tuesday rollout, users found themselves facing unexpected hurdles. This particular update, which also introduced an unsolicited “inetpub” folder to systems, has now been linked to issues preventing users from logging into Windows services via Windows Hello’s facial recognition or PIN features. The situation has prompted a collective sense of disbelief among affected users.
Microsoft has indicated that the problem primarily affects Windows 11 24H2 users and server platforms that have the cumulative update applied, specifically when certain security features are enabled. While this may offer a sliver of mitigation for Microsoft, it does not absolve the company from the responsibility of adequately testing updates against these configurations prior to their global release. The security configuration in question pertains to the System Guard Secure Launch or Dynamic Root of Trust for Measurement feature, which must be enabled post-update installation.
For those impacted, Microsoft has issued a warning: “After installing this update and performing a Push button reset or Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, some users might be unable to login to their Windows services using Windows Hello facial recognition or PIN.”
The Broken Windows Hello Workaround
In light of these challenges, Microsoft has provided some interim workarounds while it works towards a more permanent solution. To regain access using a PIN, Windows 11 users are advised to follow the “Set my PIN” prompts that appear on the login screen to re-enroll in the Windows Hello feature.
Similarly, users wishing to utilize biometric authentication must undergo a re-enrollment process. This can be accomplished by navigating to Settings > Accounts > Sign-in options > Facial recognition and following the setup instructions provided.
As the situation unfolds, I have reached out to Microsoft for further clarification regarding the Windows Hello security update issue, hoping for a swift resolution to this ongoing dilemma.
