Microsoft shipped its June 2025 security update for Windows 11 on June 10, and while it plugs a fresh set of operating system vulnerabilities, the patch lands with two conspicuous side effects: blurry Chinese, Japanese, and Korean (CJK) text in Chromium-based browsers at standard scaling, and a timestamp glitch that can throw IT departments’ patch schedules into disarray. The cumulative update, labeled KB5060999, pushes Windows 11 22H2 to build 22621.5472 and 23H2 to build 22631.5472, and comes tied to a servicing stack update (KB5058546) that makes removal a little more complicated than usual.

What’s inside KB5060999

This is first and foremost a security fix. Microsoft’s documentation emphasizes that the patch addresses “security issues for your Windows operating system,” though as usual the bulletin provides only high-level summaries. For Windows 11 version 22H2, KB5060999 also rolls in improvements from the May 27, 2025 optional update KB5058502. Chief among them is a fix for a Remote Desktop graphics support issue that could cause connection failures—a welcome relief for enterprises relying on remote desktop infrastructure. Version 23H2, meanwhile, gets no new feature fixes documented this month, but inherits all 22H2 improvements plus the security updates.

A servicing stack update (KB5058546) is bundled in, which Microsoft says “makes quality improvements to the servicing stack, which is the component that installs Windows updates.” That component is critical for reliable patching, but its inclusion means administrators cannot use the standard Windows Update Standalone Installer (wusa.exe) to uninstall the cumulative patch. Instead, you must reach for DISM commands like dism /online /get-packages and dism /online /remove-package if something goes wrong.

Detail Value
Update name KB5060999
OS builds 22621.5472 (22H2), 22631.5472 (23H2)
Release date June 10, 2025
Servicing stack KB5058546
Key improvements Remote Desktop graphics fix (from KB5058502, 22H2 only)
Supported editions Enterprise, Education (22H2); all editions (23H2)

Fuzzy fonts for CJK users

The most visible regression may be the legacy of a change introduced back in March 2025. In that month’s patches, Microsoft began swapping in Google’s Noto fonts for Chinese, Japanese, and Korean scripts, moving away from long-standing system fonts in the hope of better multilingual consistency and open-source alignment. But the transition has been rough. At 96 DPI (100% display scaling), text in Chromium-based browsers—Microsoft Edge, Google Chrome, and other derivatives—appears blurry, unclear, or uncomfortable to read. The June update does not resolve this; instead, the known-issues section of the support article simply restates the problem and offers a blunt workaround: increase your display scaling above 100%, or file a report at the Noto CJK GitHub issues page.

That GitHub repository (github.com/notofonts/noto-cjk/issues) is where the open-source font project’s bugs live, and it has been piling up open tickets. Several recent issues—#322, #321, #320, and others—remain active, indicating that the rendering kludge is not yet squashed. The underlying challenge is well-known in typography circles: CJK glyphs are dense with strokes, and hinting them for sharpness at low pixel densities is genuinely difficult. The Noto CJK family, while polished for high-DPI displays, struggles at 100% scaling on standard office monitors, leaving text looking “mushy” compared to the older fonts.

Microsoft’s decision to push this known issue to its support article without a fix in the pipeline for the June cumulative suggests the company is still waiting on improvements from the open-source community, or that its own font-hinting work is taking longer than anticipated. For now, CJK-language users who spend their days in a browser at 96 DPI face a Hobson’s choice: accept the eye strain or scale up their entire desktop, which throws off window layouts and wastes screen real estate.

A deployment hiccup for IT pros

Enterprises managing updates through Windows Update for Business may notice that KB5060999 takes longer than expected to appear on endpoints. The root cause is a metadata timestamp: the update’s internal release date is stamped June 20, 2025—ten days after the actual June 10 release. When an organization uses a deferral policy (for example, “delay quality updates by 7 days”), the clock starts ticking from that June 20 date rather than June 10. So a system configured to wait one week after release won’t see the patch until June 27, not June 17.

Microsoft offers two workarounds. The first is to configure an expedited update policy, which bypasses normal deferral windows and forces the deployment on your schedule. The second is to shorten your deferral ring or adjust the number of days manually, essentially absorbing the ten-day offset. Redmond insists that “this delay only affects availability timing, not update content,” so once the bits land, they are identical to what everyone else gets. But for security teams racing to meet patch-window deadlines, an extra 10 days can be an unwelcome surprise.

How to grab KB5060999

The update is available through all standard channels:
- Windows Update / Microsoft Update: It will download and install automatically on consumer and unmanaged business devices.
- Windows Update for Business: Following the policies you set, with the caveat above.
- Microsoft Update Catalog: You can find the standalone installers at catalog.update.microsoft.com/Search.aspx?q=KB5060999.
- Windows Server Update Services (WSUS): Syncs automatically if “Windows 11” and “Security Updates” classifications are selected.

Because of the embedded servicing stack update, removal isn’t a simple click in Settings. Administrators must use DISM:
- List packages: dism /online /get-packages
- Remove the update: dism /online /remove-package /packagename:Package_for_RollupFix~<version>~<architecture>~~<number>.mum

Microsoft recommends caution here; removing a servicing stack update can cause other patches to behave unpredictably.

Community reaction and long-term outlook

The Noto CJK font saga drew immediate chatter in tech circles. On GitHub, issue authors have posted screenshots of blurry text and lamented the regression in readability. While many understand the move to a unified open-source font stack, the practical impact on daily productivity has been hard to swallow. Discussion threads point out that Microsoft’s own Chromium-based Edge is among the worst affected, which undercuts the “modern and fast” branding the browser has cultivated.

From the IT side, the timestamp quirk feels like a trivial oversight that could have been caught with better testing. Administrators on forums note that they will likely override deferral policies with expedited updates for this round, but they are weary of having to monitor every cumulative patch for similar deployment gotchas.

Microsoft has not publicly committed to a timeline for fixing either the font rendering or the metadata issue. Historically, such regressions are addressed within one or two monthly cycles, but given that the blur has persisted since March, patience is wearing thin. The best advice for users is to toggle the scaling workaround if you can tolerate it, and for IT managers to double-check their update rings before June 10 patches land.

As always, testing KB5060999 in a pilot group before broad deployment is a wise hedge against unexpected breakage. The patch brings critical security protections, so leaving systems unpatched is not an option. But like many Windows updates, it demands a little extra care before hitting the “Install now” button.