Microsoft shipped an out-of-band preview update on June 23, 2026, that stomps out a crippling bug in Windows 11—one that could leave the Start menu, taskbar, search, settings, and File Explorer completely broken on freshly provisioned machines. The fix, labeled KB5095093, arrives as an optional non-security update for IT admins and curious home users who manually check for updates. It’s a targeted rescue for deployments that suddenly fell silent after setup.

What the update actually fixes

The star of KB5095093 is a single headline item: a regression in the Windows Shell that could fail to start properly after provisioning. In plain English, after an organization (or an advanced user) uses tools like Windows Autopilot, MDT, or an answer file to set up a new PC, the core user interface—the taskbar, Start, search flyout, quick settings, and File Explorer—could refuse to load. Users would be greeted by a blank screen or a flickering desktop, with no way to launch applications or access settings. The update resolves that regression so that the shell loads reliably post-provisioning.

Microsoft’s release notes also mention “miscellaneous security improvements to internal OS functionality,” but no additional CVEs are documented—this is a pure quality fix. The update raises the OS build number to 26100.3613 (for 24H2), though the KB itself applies across multiple Windows 11 releases.

Why this matters—especially for IT

If you’re a home user who bought a PC off the shelf and let Windows Update do its thing, this bug probably never touched you. The trigger is specific to the provisioning process—the automated, hands-off configuration that companies use to enroll devices into management. But for IT departments, the fallout was real. Imagine unboxing a fleet of 500 laptops, initiating Autopilot, and then finding half of them brain-dead on the first user login. No Start, no taskbar—just a ghost of a desktop. The only viable workaround was to reimage or enter audit mode and apply the update offline, a time sink that chewed through deployment windows.

Even for power users who tinker with custom provisioning packages or sysprep, the bug could bite. Running sysprep /generalize followed by an OOBE boot on an affected build could lead to the same shell infarction. KB5095093 closes that gap, making sure the screen you see after “Welcome to Windows” is actually Windows, not a void.

How we got here: a timeline of the regression

The exact origin of the bug isn’t spelled out in Microsoft’s advisory, but context points to the June 2026 Patch Tuesday update (or possibly the May non-security preview) as the culprit. Reports on Microsoft’s Tech Community forums and Reddit’s r/sysadmin lit up soon after those updates landed, with admins describing identical symptoms: post-provisioning, the shell process would start and immediately crash, leaving nothing but a black screen with a cursor. Clean installs outside of provisioning worked fine, which narrowed the scope to the deployment pathway.

Microsoft’s engineering team confirmed the issue internally by June 20 and fast-tracked the preview fix for the C-week release, skipping the usual month-long bake. This isn’t the first time provisioning and the shell have clashed. Windows 11 22H2 had a similar hiccup where the taskbar disappeared after Autopilot, traced to a bad interaction with the Iris service. In that case, a registry tweak was the interim mitigation; this time, the shell’s entire process tree was vulnerable, making a server-side KIR (Known Issue Rollback) impossible and a full cumulative update necessary.

What to do now

If you manage Windows devices and have already encountered the provisioning blackout:

  1. Install KB5095093 manually on the affected machine. Since the device may not have a functioning UI, you can trigger the update from Windows Recovery Environment (WinRE) Command Prompt: boot to WinRE, open a command line, and use dism /image:C:\ /Add-Package /PackagePath: pointing to the downloaded .msu from the Microsoft Update Catalog.
  2. Inject the update into your deployment image. Add the .msu to your gold image before sysprep, or import it into your Autopilot enrollment status page as a required update. Microsoft now offers the .msu as a standalone download from the Update Catalog—search for “KB5095093”.
  3. For machines not yet deployed, vet your provisioning workflow. If you’re using Windows 11 version 24H2 with the May or June cumulative updates (builds 26100.xxxx below .3613), slipstream KB5095093 into the boot image or postpone deployment until the July Patch Tuesday when the fix will graduate to an automatic update.

Home users and small businesses not using provisioning can safely ignore this preview update or install it via Settings > Windows Update > Check for updates (if you see a “Download and install” link under optional updates). The patch is small—roughly 150 MB—and installs in a few minutes. It carries no known adverse effects as of the preview window.

What to watch next

KB5095093 is currently an optional preview. It will be rolled into the mandatory July 14, 2026 Patch Tuesday update, so even if you skip it now, the fix will reach all unmanaged PCs next month. Microsoft has not indicated any plans to push this as an emergency out-of-band (OOB) release for all users, likely because the attack surface is limited to provisioned devices. However, the speed of this fix—from issue acknowledgment to preview patch in under a week—signals that Redmond views provisioning failures as a priority, especially given the growing footprint of Windows 11 in enterprise environments.

For admins, the episode is a reminder to keep a clean test bench and to hold preview updates in a validation ring before broad deployment. And if you’re still on Windows 10, note that this shell regression doesn’t appear to affect the older OS; it’s a Windows 11-specific artifact, likely tied to the newer shell architecture introduced in 24H2.