Windows now ignores the desktop.ini files if you can't prove the file is genuine
Each month, Microsoft's security updates carry the weight of protecting hundreds of millions of machines — a necessary and largely invisible labor. But in June 2026, the KB5094126 patch collided with the accumulated decisions of years past: undersized partitions, vendor-specific firmware habits, and software ecosystems built on assumptions that quietly shifted overnight. For IT administrators, dental offices, and everyday users alike, the update that was meant to secure their systems instead locked them out, reminding us that in complex technological infrastructure, safety and disruption are never fully separable.
- Machines that ran fine on June 8 refused to boot on June 10 — HP enterprise fleets went dark as Secure Boot clashed with EFI partitions too small to absorb the update's new security files.
- BitLocker recovery loops trapped users who had no clear exit, and IT administrators faced the grim arithmetic of manually visiting or remotely accessing hundreds of affected devices.
- Cloud storage vanished from File Explorer sidebars on systems with UAC disabled, leaving users who depend on OneDrive, Dropbox, and iCloud Drive to hunt for their files through raw folder paths.
- Dental practices, accounting firms, and neurology clinics discovered their specialized software had quietly broken — not because their apps crashed, but because the Word automation they relied on no longer responded to third-party control.
- Microsoft has yet to issue a comprehensive response as reports continue to accumulate, and the available workarounds — disabling Secure Boot, removing the update, running PowerShell commands — offer relief without resolution.
Microsoft's June 2026 security update, KB5094126, arrived on June 9 carrying patches for nearly 200 vulnerabilities. For many users it installed without incident. For others, it turned their machines into expensive paperweights.
The most dramatic failures hit HP enterprise devices. Models like the EliteBook 840 G10 and ProBook 460 G11 refused to boot after the update, presenting either a black screen or a BitLocker recovery prompt with no clear exit. The cause was a collision between the update's Secure Boot certificate changes and EFI partitions that HP had sized at just 100 megabytes on older disk images — far too small for the new security files Windows needed to write. HP's own practice of storing firmware recovery data in that same partition made the space problem worse. The workaround required entering BIOS, disabling Secure Boot, letting the update finish, and re-enabling it — a process that scaled poorly across large fleets and sometimes failed entirely.
Beyond boot failures, the update broke cloud storage integration in File Explorer. OneDrive, Dropbox, and iCloud Drive disappeared from sidebars and stopped responding in the system tray, particularly on systems using local administrator accounts or with UAC disabled. Users could still reach their files by navigating directly to the folder path, but the seamless integration most people relied on was gone. Uninstalling the update restored it immediately — though that meant surrendering the security fixes.
Business software took its own quiet hit. Dental, accounting, and neurology applications that embedded or automated Microsoft Word found that the automation layer had stopped responding, even though Word itself opened normally. Microsoft had also tightened validation of desktop.ini files used for custom folder icons, breaking those customizations silently across affected systems and requiring a PowerShell command to repair.
Days after release, reports were still accumulating on Reddit and Microsoft's Feedback Hub. No comprehensive acknowledgment had come from the company, and the pattern was clear: a single update had fractured in different directions for different users, each discovering a distinct way that their working system had quietly stopped working.
Microsoft's June 2026 security update arrived on schedule, packed with dozens of new features and patches for nearly 200 security vulnerabilities. But for some users, particularly those managing HP devices in enterprise environments, the rollout became a nightmare. Within days of KB5094126's release on June 9, machines that had been running smoothly suddenly refused to boot. The screen would go black, or users would find themselves staring at a BitLocker recovery prompt with no clear path forward.
The scope of the problem became apparent quickly. One IT administrator managing hundreds of HP devices reported that most of their fleet was unable to boot after the update deployed. The affected machines included popular enterprise models like the EliteBook 840 G10, ProBook 460 G11, and HP's Engage One Pro point-of-sale systems. Dell Precision workstations also appeared in reports, though HP devices dominated the complaints. The issue wasn't universal—some users with identical hardware sailed through the update without incident—which pointed to something more nuanced than a simple bug in the update itself.
The root cause lay in a collision between the update's security improvements and the physical constraints of older hardware. KB5094126 includes a Secure Boot certificate update that modifies critical boot files, the Boot Manager, and EFI partition contents. On many HP devices, particularly those with older disk images, the EFI partition was only 100 megabytes—a size that made sense years ago but proved catastrophically small when Windows tried to write the new security files. Newer systems typically allocate 500 megabytes to a gigabyte for this partition. When Windows couldn't fit the required files, Secure Boot blocked the system from loading, resulting in either a black screen of death or, if BitLocker was enabled, a recovery mode that users couldn't escape. The error message buried in system logs was blunt: insufficient disk space.
HP's own practices made the problem worse. The company stores BIOS and firmware recovery files in the EFI partition itself, under paths like EFI\HP\DEVFW, consuming additional space that the update needed. This wasn't Microsoft's fault alone. The incompatibility emerged from a mismatch between how HP configured its systems and what the security update required. Still, users were locked out of their machines, and the workaround was neither obvious nor simple.
The solution required users to enter BIOS, disable Secure Boot temporarily, boot into Windows, let the update complete, then re-enable Secure Boot. For IT administrators managing hundreds of devices, this meant either visiting each machine or remotely accessing BIOS—a time-consuming process that exposed the fragility of the update's rollout. Some users reported that even this workaround failed, leaving them in recovery loops that persisted even after entering their BitLocker keys. The broader lesson was clear: Microsoft's security improvements, however necessary, had not been adequately tested against the real-world configurations of enterprise hardware.
But boot failures were only part of the damage. After installing KB5094126, users reported that OneDrive no longer appeared in File Explorer's sidebar or responded to clicks in the system tray. The same problem affected Dropbox and iCloud Drive, though less frequently. The update had broken the shell integration that allowed these cloud storage services to function within Windows' file manager. The issue appeared concentrated among systems with User Account Control disabled or those using local administrator accounts instead of Microsoft accounts. Users could still access their cloud files by navigating directly to the folder path, but the convenient shortcuts that most people relied on simply stopped working. Removing the update fixed it immediately, but that wasn't a real solution for machines that needed the security patches.
The damage extended into business software. Dental practices using Dentrix, accounting firms relying on CCH ProSystem fx, and neurology clinics that embedded Word documents in their workflow all reported failures after the update. The applications themselves didn't crash—Word opened normally when launched directly—but the automation that allowed third-party software to control Word or embed it within their own interfaces broke. Microsoft had apparently changed how Windows handles Office automation, a shift that rippled through an entire ecosystem of line-of-business applications that had built their workflows around the old behavior.
Microsoft also quietly tightened validation for desktop.ini files, the hidden configuration files that advanced users and third-party applications use to customize folder icons and names. After the update, Windows began rejecting desktop.ini files that couldn't be verified as coming from a trusted source, breaking custom folder displays across systems where users had applied these customizations. The company provided a PowerShell command to unlock affected files, but the change illustrated a broader pattern: KB5094126 had introduced multiple breaking changes that affected different user populations in different ways. For some, it was a boot failure. For others, it was cloud storage integration. For still others, it was the slow realization that their specialized business software no longer worked as expected. Days after the update's release, reports were still accumulating on Reddit and Microsoft's Feedback Hub, and the company had not yet issued a comprehensive acknowledgment of the cascading problems.
Notable Quotes
I am 100% sure this KB is broken. Rolled it back, tried reinstalling KB5094126, and it created a boot loop again.— Jonathan, affected user on Microsoft Feedback Hub
The common denominator seems to be HP devices. I haven't seen a single report on this issue that isn't HP.— Reddit user managing HP Engage One Pro systems
The Hearth Conversation Another angle on the story
Why did this update cause so many different problems across different hardware and software?
Because KB5094126 wasn't just a security patch—it was a broad security overhaul that touched Secure Boot, cloud storage integration, Office automation, and file validation all at once. When you make changes that deep across the system, you're bound to hit edge cases that testing didn't catch.
The boot failures seem like they should have been caught before release. Didn't Microsoft test on HP hardware?
They probably did, but on newer systems with properly sized EFI partitions. The problem emerged specifically on older HP images with 100-megabyte EFI partitions. That's a configuration that exists in the real world but may not have been in Microsoft's test environment.
So it's HP's fault for undersizing the EFI partition?
It's both. HP made a design choice years ago that made sense at the time. Microsoft made a security change that didn't account for that legacy configuration. The real failure was that the update deployed automatically to millions of machines without adequate safeguards for known hardware variations.
Why did OneDrive break separately from the boot issue?
That appears to be a different problem entirely—something about how the update changed shell integration for cloud storage. It affected systems with UAC disabled or local admin accounts, which suggests it's related to permission or authentication handling, not the Secure Boot issue at all.
Could users have prevented these problems?
Not really. The update installed automatically unless they'd deferred it. And even if they'd known to disable Secure Boot preemptively, most users wouldn't have that knowledge. The workaround only existed because people figured it out after the fact.
What does this say about how Microsoft tests updates before release?
It suggests the testing environment doesn't fully represent the diversity of real-world configurations—especially older enterprise hardware that's still in active use. A security update this significant probably needed a longer staged rollout, not automatic deployment to everyone.