The June 2025 Patch Tuesday arrived with a sigh of relief for Windows 11 users plagued by Remote Desktop connection nightmares. Microsoft pushed out KB5060999, a cumulative security update for versions 22H2 and 23H2, and it squashes a critical bug that had been crashing sessions with cryptic error messages. But the update isn't without its own warts—early adopters are reporting blurry Asian characters in browsers, and IT pros are scratching their heads over deployment delays. Here's everything you need to know.
What's Inside KB5060999?
The update bumps OS Builds to 22621.5472 and 22631.5472 for the respective editions. It includes all the fixes from last month's preview update (KB5058502, released May 27, 2025), making this a cumulative quality update alongside fresh security patches. Microsoft has bundled a servicing stack update (KB5058546) to improve the reliability of the Windows Update mechanism itself—often a prerequisite to ensure future updates install smoothly. The servicing stack update specifically updates builds 22621.5412 and 22631.5412, ensuring that the component responsible for installing Windows updates works without a hitch.
The standout fix, however, targets Remote Desktop. For weeks, users on forums and enterprise helpdesks reported an infuriating issue: when connecting via RDP, the session would abruptly terminate with "The Remote Desktop Services session has ended" or simply fail to connect with "A remote desktop connection cannot be established." According to Microsoft's documentation, the root cause was a "graphics support issue." While the company didn't go into deeper technical detail, the fix likely involves updates to the Graphics Device Interface (GDI) or related components that handle screen rendering over remote sessions. In the era of hybrid work, a stable RDP connection is business-critical for sysadmins managing servers and for employees accessing their office desktops from home.
IT administrators managing fleets of remote workstations welcomed the patch. Many had been resorting to workarounds like disabling bitmap caching or falling back to legacy protocols. Now, with KB5060999, those jury-rigged solutions can be retired.
Security Fixes: A Critical Layer
June's update carries the usual bundle of security fixes for Windows kernel, networking stack, and other critical components. While Microsoft's Security Update Guide will detail the CVEs, the cumulative nature means it patches vulnerabilities that could allow elevation of privilege, remote code execution, or information disclosure. The absence of a zero-day mention suggests this is a standard, but no less important, Patch Tuesday rollout. For enterprises, the prompt installation of security updates remains a cornerstone of cyber hygiene. With the remote desktop vector patched, the attack surface shrinks instantly.
Known Issue: Noto Fonts Make CJK Text Blurry
No update is perfect, and KB5060999 introduces a new, highly visible quirk. After installation, users running their displays at 100% scaling (96 DPI) might notice that Chinese, Japanese, and Korean (CJK) characters in Chromium-based browsers like Microsoft Edge and Google Chrome appear blurry or improperly aligned. This isn't a bug in the browser but a side effect of Microsoft's decision to fall back on the Noto font family for rendering certain Unicode ranges. Noto, an open-source font project by Google, aims to provide harmonious typography across all languages, but at low pixel densities, its hinting and rasterization don't hold up well, causing smeared edges and reduced legibility.
Microsoft acknowledges the problem and says it's working with Google on a resolution. In the meantime, the workaround is simple but not always practical: increase your display scaling to 125% or higher. That extra pixel density gives the Noto fonts enough room to render cleanly. If you must stay at 100% scaling, you can mitigate the issue by using a different default font in your browser settings—though that's a power-user move. For those affected, Microsoft directs you to report specific rendering problems on the Google Noto Fonts GitHub repository, underscoring the collaborative nature of the fix.
The issue has sparked lively discussion in online communities. Some users question why Microsoft didn't catch this during testing, while others point out that CJK typography is notoriously complex and that any font substitution risks rendering glitches. A system administrator in Tokyo posted: "Finally, my remote workers can connect without random disconnects. But now half our team is complaining about blurry kanji in Edge. You fix one screen, break another." The lesson: when a "small" dependency change ripples, it can touch millions of screens.
Update Delay Headache for IT Admins
A second known issue is more administrative than visual. If your organization uses quality update deferral policies (configured via Group Policy or MDM), devices might not see KB5060999 immediately—even though it was released on June 10, 2025. The culprit: the update's metadata carries a timestamp of June 20, 2025. A deferral policy that says "delay updates by X days" interprets the timestamp as the release date, so the clock starts ticking from June 20. If your deferral window is, say, 14 days, the update wouldn't be offered until early July.
Microsoft is transparent about the glitch. It stems from a servicing pipeline hiccup where the package metadata was post-dated. The issue only affects timing, not the contents; once the deferral period expires, the update will install normally. To bypass the delay, IT admins can create an expedite policy using Windows Update for Business, overriding the deferral and pushing the update immediately. Alternatively, they can temporarily reduce the deferral window. An IT manager noted: "We had to emergency-override our policies to get the security patch deployed. Not what I wanted to do on a Tuesday morning." This kind of operational friction is especially irritating for security-conscious teams who want to patch quickly but are hamstrung by automated policies.
How to Install KB5060999
For most users, the update arrives via Windows Update automatically. You can manually check by going to Settings > Windows Update and clicking 'Check for updates.' If you're managing a fleet, it's also available through Windows Update for Business, WSUS, and the Microsoft Update Catalog for offline deployment. Microsoft recommends installing the latest servicing stack update (KB5058546) first, but for most devices, the LCU already includes it. The update is mandatory; there's no skipping these security fixes.
Before you click install, note that a restart is required. Plan for the usual downtime, and close your Remote Desktop sessions—because you might lose them mid-update (though that's fixed now, so future sessions will be stable).
Mixed Reactions from the Trenches
Early feedback on forums reveals a split: users who suffered from the RDP bug are grateful, but those encountering the CJK font issue are annoyed. The deferral metadata problem adds another layer of frustration for IT professionals who must jump through hoops to deploy a critical security patch. Such anecdotes highlight the balancing act Microsoft faces: pushing urgent fixes while navigating an ever-growing matrix of hardware, locales, and enterprise policies.
Should You Install Now?
For the vast majority, the answer is yes. The Remote Desktop fix alone is worth the restart. The security improvements are non-negotiable. Yes, you might see blurry CJK text if your scaling is at 100%—but the workaround (bumping scaling to 125%) is quickly applied and causes minimal disruption. For many users running modern monitors, 125% is the default recommended scaling anyway. If you're an IT admin, grapple with the deferral metadata issue early: either create an expedite policy or schedule the update for after the phantom release date.
Microsoft's track record with cumulative updates has been rocky in past years, but KB5060999 feels like a step back toward reliability—provided you can stomach the font typography growing pains. As always, test in a pilot group before broad production rollout if your environment is sensitive.
Looking Ahead
Microsoft hasn't announced when the Noto font rendering issue will be permanently fixed, but the collaboration with Google suggests a solution could arrive in a future Chromium update or a subsequent Windows cumulative patch. The deferral metadata snafu is likely a one-off, but it serves as a reminder that even "non-functional" data can disrupt enterprise workflows.
Patch Tuesday faithful can mark their calendars: next month's update will undoubtedly build on this foundation, potentially squashing the CJK glitch and delivering more security hardening. For now, KB5060999 is a classic Microsoft update: a hero patch that fixes a high-impact bug but brings along a couple of uninvited guests. Install it, adjust your scaling if East Asian text looks off, and get back to work—with a stable Remote Desktop connection at last.