Microsoft Issues Advisory: KB5060533 Update Causes Boot Errors on Surface Hub v1 Devices

Microsoft is currently addressing a significant issue that leads to Secure Boot errors, inhibiting the startup functionality of Surface Hub v1 devices. This problem primarily affects systems utilizing Windows 10, version 22H2, which have had the June 2025 security update, KB5060533, installed.

Reports indicate that affected Surface Hub v1 systems may fail to boot, displaying the error message: “Secure Boot Violation. Invalid signature detected. Check Secure Boot Policy in Setup.” Notably, this issue does not extend to Surface Hub 2S and Surface Hub 3 devices.

In response to the situation, Microsoft implemented a mitigation strategy the day following the discovery of the issue, designed to prevent additional Surface Hub v1 systems from experiencing similar problems after the problematic update. Microsoft has confirmed the impact of this issue on certain Surface Hub v1 devices and is actively investigating further, with the promise to disseminate additional information as it becomes available.

The KB5060533 update, which has generated this complication, also addresses a separate bug affecting some Hyper-V virtual machines utilizing Windows 10, Windows 11, and Windows Server, which were prone to freezing or unexpected restarts.

On the same day, Microsoft released security updates addressing 66 vulnerabilities, including an actively exploited WebDAV zero-day (CVE-2025-33053) and a publicly disclosed privilege escalation vulnerability in Windows SMB (CVE-2025-33073). Collectively, the June 2025 Patch Tuesday updates remedied ten critical vulnerabilities, with eight allowing attackers the opportunity to execute remote code on unpatched devices, while the other two facilitated privilege escalation.

Additionally, Microsoft issued an emergency update for Windows 11 (KB5063060) to rectify an Easy Anti-Cheat incompatibility that led to some systems experiencing blue screen of death (BSOD) errors during restarts.