BURSTSummary
1. Microsoft has reduced Windows 11 version 24H2 system restore point retention from 90 days to 60 days.
2. This 60-day limitation will apply to all future versions of Windows 11 version 24H2, permanently shortening the recovery window for users.
3. The update also fixes Windows Hello for Business authentication issues with self-signed certificates when using the Key Trust model.Microsoft has implemented a significant change to its Windows 11 system recovery functionality, reducing the retention period for system restore points from 90 days to 60 days in the latest security update.
This modification affects Windows 11 version 24H2 users and represents a notable shift in the operating system’s data recovery capabilities, potentially impacting users who rely on longer-term system rollback options.
Windows 11 System Restore Changes
The June 2025 security update, released on June 10, 2025, introduces OS Build 26100.4349 with the primary modification targeting the System Restore functionality.
Under the new parameters, Windows 11 version 24H2 will retain system restore points for a maximum of 60 days, marking a 30-day reduction from the previous 90-day retention period.
Users seeking to apply restore points older than 60 days will find these options unavailable through the “Open System Restore” interface.
This change extends beyond the current update cycle, as Microsoft has indicated that the 60-day limitation will apply to all future versions of Windows 11 version 24H2.
The modification directly affects users who previously relied on quarterly restore points for system recovery, particularly those in enterprise environments where longer rollback periods provided additional safety margins for critical system configurations.
Technical administrators must now adjust their backup strategies to accommodate this shortened recovery window.
Beyond the restore point modifications, KB5060842 addresses critical security vulnerabilities and resolves authentication issues affecting Windows Hello for Business users.
The update specifically fixes problems preventing users from signing in with self-signed certificates when utilizing the Key Trust model configuration.
This resolution is particularly significant for enterprise deployments where certificate-based authentication forms a cornerstone of security infrastructure.
The security improvements incorporated in this update build upon previous enhancements from KB5058499, released on May 28, 2025.
Microsoft has updated several AI components, including Image Search (version 1.2505.838.0), Content Extraction (1.2505.838.0), and Semantic Analysis (1.2505.838.0), demonstrating the company’s continued integration of artificial intelligence capabilities within the operating system framework.
Windows Update Deployment
The update deploys automatically through Windows Update and Microsoft Update channels, following Microsoft’s standard distribution methodology.
Users can access the update through Windows Update, Business Catalog, and Server Update Services.
The installation package combines the latest servicing stack update (SSU) KB5059502 with OS Build 26100.4193, ensuring robust update deployment infrastructure.
For system administrators requiring update removal, Microsoft specifies using the DISM/Remove-Package command with the LCU package name.
The Windows Update Standalone Installer (wusa.exe) with /uninstall parameters will not function for package removal due to the integrated SSU components.
This technical limitation requires careful consideration during deployment planning, particularly in environments where update rollback capabilities are essential for maintaining system stability and operational continuity.
Are you from SOC/DFIR Teams! - Interact with malware in the sandbox and find related IOCs. - Request 14-day free trial
The post Microsoft Limits Windows 11 24H2 Restore Points From 90 to 60 Days appeared first on Cyber Security News.