Microsoft is currently addressing a significant issue affecting its Surface Hub v1 devices, specifically those operating on Windows 10, version 22H2. Following the installation of the KB5060533 security update released in June 2025, users have reported encountering Secure Boot errors that prevent their devices from starting up.
Details of the Issue
The error message presented to users reads: ‘Secure Boot Violation. Invalid signature detected. Check Secure Boot Policy in Setup.’ Notably, this issue is confined to Surface Hub v1 systems and does not extend to the newer Surface Hub 2S and Surface Hub 3 models, as confirmed by the company.
In a proactive response, Microsoft implemented a mitigation strategy just one day after the issue was identified. This action was taken to safeguard additional Surface Hub v1 devices from experiencing similar startup failures after the problematic update. “A mitigation was released on July 11, 2025, that prevents additional Surface Hub v1 devices from encountering this issue,” the company stated.
Context of the Update
The KB5060533 update, which is at the center of this situation, was designed to rectify another issue affecting Hyper-V virtual machines running Windows 10, Windows 11, and Windows Server, which were prone to freezing or restarting unexpectedly.
On the same day, Microsoft rolled out security updates addressing a total of 66 vulnerabilities, including a critical WebDAV zero-day (CVE-2025-33053) that was actively being exploited, along with a publicly disclosed Windows SMB privilege escalation vulnerability (CVE-2025-33073). Among these updates, ten were categorized as critical, with eight allowing potential remote code execution on unpatched devices and two enabling privilege escalation.
Furthermore, Microsoft took additional steps this week by releasing an emergency update for Windows 11 (KB5063060) to resolve an incompatibility issue with Easy Anti-Cheat, which had been causing some systems to experience blue screen of death (BSOD) errors.
