Microsoft added the Recycle Bin bug to its Windows Release Health Dashboard on June 19, 2026, making it the first formally confirmed regression from the June 9 Patch Tuesday cumulative update, KB5094126. The acknowledgment is narrow in scope: Microsoft describes an "unexpected behavior" in the shell's deletion confirmation dialog that surfaces after installing the update on Windows 10, Windows 11, and every supported Windows Server edition.

The bug works like this. When a user opens the Recycle Bin, their files appear exactly as expected — with the names they gave them. But if they select a single file and choose to delete it permanently, the confirmation dialog substitutes the file's on-disk storage identifier, a string in the format $Rxxxxx, for the human-readable display name. A photo named vacation.jpg confirms as $R4F7A2C. The files themselves are unaffected; deletion completes normally once the user confirms; and restoring a file returns it under its original name. The regression is confined entirely to that one dialog box. Microsoft says a workaround is available to enterprise customers through Microsoft Support for Business, and that a permanent fix is coming in a future Windows update.

Why the Shell Exposes Its Internal Names at All

Understanding the bug requires a brief detour into how Windows has managed the Recycle Bin since Windows 95. The Recycle Bin is not an ordinary folder — it is a virtual folder in the Windows Shell namespace, an abstraction layer that sits above the physical file system. When a file is moved to the Recycle Bin, Windows renames the on-disk file with a $Rxxxxx prefix and creates a companion metadata file named $Ixxxxx that stores the original filename, its size, and the deletion timestamp. The Shell's display layer reads the $Ixxxxx file and presents the original name to the user; the $Rxxxxx storage name has never been intended to be user-visible.

KB5094126 modified the shell's folder-parsing behavior as part of a security hardening change that closed a 23-year-old unchecked-buffer vulnerability in the Windows Shell's desktop.ini processor. A side effect of that change is that the deletion confirmation dialog stopped querying the $Ixxxxx metadata file and fell back to presenting the raw on-disk identifier.

What Microsoft Has Not Acknowledged: BitLocker Lockouts Can Mean Permanent Data Loss

The Recycle Bin bug is a cosmetic inconvenience. What Microsoft has not yet added to the Release Health Dashboard is substantially more serious.

Since KB5094126 began rolling out on June 9, IT administrators across enterprise forums have reported that the update forces certain devices into BitLocker recovery mode on reboot — even on machines where BitLocker and Device Encryption had been explicitly disabled. The mechanism is rooted in how BitLocker seals the volume encryption key to the device's Trusted Platform Module (TPM). BitLocker uses TPM Platform Configuration Registers — hardware measurements of the boot environment — to verify that the machine's boot sequence has not been tampered with. When KB5094126 updated the Windows Boot Manager and pushed new Secure Boot certificate data, the PCR values changed, and BitLocker treated the change as a potential integrity violation — presenting users with a recovery-key screen instead of their desktop.

For most enterprises, the recovery key is stored in Microsoft Entra ID or Active Directory, and administrators can retrieve it remotely. But corporate deployments using local accounts — machines that have never been linked to a Microsoft Account — have no automatic key-backup mechanism. Multiple users posting to Microsoft's Q&A forums confirmed that Microsoft's own AI-assisted support tool delivered an unambiguous verdict: without a saved recovery key, the only available resolution is a full OS wipe and Windows reinstallation. Affected businesses lose all locally stored data on those machines.

One administrator reported pushing KB5094126 to 300 machines overnight; 42 failed to boot by the next morning. Another wrote that the update appeared to activate BitLocker on a machine where it had never been deliberately enabled, then immediately locked the device out.

The technical cause on some hardware — particularly HP enterprise units including the EliteBook 840 G10, ProBook 460 G11, and ZBook systems — is more specific: those machines shipped with a 100-megabyte EFI System Partition, the default size when Windows 10 launched. The Secure Boot certificate refresh in KB5094126 requires more space than that partition provides. The update fails with error 0xc0430001, and on some firmware configurations the failed installation leaves the machine in a state where the TPM refuses to unseal the BitLocker key.

Four More Issues Microsoft Has Not Yet Confirmed

The Release Health Dashboard also has nothing to say about four additional regressions that IT communities have documented since June 9.

OneDrive and cloud-storage integration. On domain-joined PCs running with local administrator accounts and User Account Control disabled, KB5094126 breaks the shell integration that populates the OneDrive entry in File Explorer's left-hand navigation pane. Clicking it returns blank results. The root cause appears to be a change in how the Shell hands off to cloud-storage provider processes when the UAC security layer is not active. The same behavior has been reported with Dropbox on some configurations. Microsoft's Q&A community has received substantial traction on this report.

System freezes requiring recovery environment. Multiple forum threads document Windows 11 machines freezing completely within minutes of a post-KB5094126 boot — sometimes within five minutes. In at least one documented case, the freeze occurred fast enough that the user could not reach the Settings app to uninstall the update, forcing entry into the Windows Recovery Environment. That recovery attempt itself partially broke the installation, altering the reported Windows edition and removing the taskbar clock. Microsoft has not reproduced or confirmed these crashes on the Release Health Dashboard.

Blue-screen crashes. Reports of stop-error crashes — specifically a DPC_WATCHDOG_VIOLATION boot loop on some units and BSOD error 0xc0430001 on HP hardware — have appeared on Microsoft's Feedback Hub and across IT forums. Windows Latest reported receiving more than 150 such reports within 48 hours of the update's release.

Office automation failures. Microsoft has separately acknowledged that certain third-party applications — specifically those that embed or automate Microsoft Word or Excel through the OLE Automation interface rather than launching the apps directly — fail to open Office documents after KB5094126. The underlying cause is a change in how the Windows Shell dispatches COM calls to Office components. Microsoft says it is working on a permanent fix.

The Security Dilemma IT Administrators Face Right Now

The temptation for any administrator reviewing this list is to defer or roll back KB5094126 entirely. That instinct is understandable — but it carries its own risk that is not visible in the regression reports.

The June 2026 Patch Tuesday release patches 208 security vulnerabilities, a total that Trend Micro Zero Day Initiative researcher Dustin Childs counted as the largest single Patch Tuesday in the program's 23-year history. Among those vulnerabilities are five that were being actively exploited in the wild before this update shipped, and a wormable kernel flaw rated CVSS 9.8 that requires no user interaction to exploit. Rolling back the update removes all of those fixes alongside the regressions.

That is the structural problem with Microsoft's cumulative update model, which it introduced with Windows 10 in 2016. Security fixes and feature changes are bundled into a single installable package; administrators cannot choose to take the security patches while rejecting the shell or boot-chain changes that introduced the regressions. The decision is binary: install everything or install nothing.

IT experts recommend a middle path: deploy KB5094126 to a limited pilot ring first, verify that BitLocker recovery keys are properly escrowed in Entra ID or Active Directory before any update, check whether affected hardware models are in the fleet, and monitor the Windows Release Health Dashboard for new acknowledgments before widening deployment.

What Windows Administrators Should Do Right Now

For organizations that have not yet deployed KB5094126 broadly, the recommended sequence is as follows.

Before deployment, verify that BitLocker recovery keys for every device are stored in Microsoft Entra ID, Active Directory, or the Microsoft BitLocker Administration and Monitoring database. Check the EFI System Partition size on all devices — specifically HP and Dell enterprise hardware — for the 100MB constraint. Set KB5094126 to a deferred deployment ring and allow the pilot cohort a full week before broader rollout.

For already-affected machines with BitLocker lockouts, if the device is linked to a Microsoft Account, the recovery key is available at account.microsoft.com/devices/recoverykey. Enterprise administrators can retrieve keys from Entra ID or Active Directory. If no key was backed up anywhere, the only documented path is a full OS reinstall.

For already-affected machines with freezes or BSODs, boot into the Windows Recovery Environment by interrupting the boot sequence three consecutive times, navigate to Advanced Options, and select Uninstall Updates to remove KB5094126. Be aware that this removes the security patches as well.

For OneDrive breakage, unlinking and re-linking OneDrive restores functionality temporarily, but the fix reverts when Windows reinstates the update. Enabling UAC on affected machines resolves the root condition.

Microsoft has not published a timeline for resolving the confirmed Recycle Bin regression or the reported but unconfirmed issues. Whether fixes arrive in an out-of-band release or wait for the July 8 Patch Tuesday remains unknown.

❓

Frequently Asked Questions

Is the Windows 11 June 2026 update safe to install?

For most users, KB5094126 installs without problems and delivers patches for 208 security vulnerabilities, including actively exploited flaws. The confirmed and reported regressions appear to affect a subset of configurations — particularly enterprise machines using local accounts, devices with 100-megabyte EFI System Partitions, and some HP and Dell enterprise hardware. Organizations should verify BitLocker recovery keys are escrowed, test on a pilot ring first, and monitor the Windows Release Health Dashboard before broad deployment.

What is the Recycle Bin bug in KB5094126, and does it cause data loss?

When permanently deleting a single file from the Recycle Bin, the confirmation dialog shows the file's internal storage identifier — a string like $R4F7A2C — instead of its original display name. The file itself is not affected: the Recycle Bin list view shows the correct name, and deletion completes normally. No data loss results from this specific bug alone. However, the same shell-namespace change that introduced it is related to deeper regressions — including the BitLocker lockout issue — that do carry data-loss risk on specific configurations.

Can KB5094126 permanently lock me out of my own computer?

On specific configurations — particularly corporate devices using local accounts that were never linked to a Microsoft Account — KB5094126 can trigger BitLocker's TPM-sealed drive-protection mechanism, requiring a 48-digit recovery key to access the machine. If that key was never saved or backed up, Microsoft's own support tool has confirmed there is no recovery path short of a full OS wipe, which erases all locally stored data. Backing up your BitLocker recovery key to a Microsoft Account or enterprise directory before installing any major Windows update is strongly recommended.

Should IT administrators roll back KB5094126?

Rolling back removes the regressions but also removes patches for five zero-day vulnerabilities that were being actively exploited before the update shipped. Microsoft's cumulative update model bundles security fixes and quality changes into a single package with no selective installation. The recommended approach is to test on a pilot ring rather than deploy fleet-wide, ensure recovery keys are escrowed, and wait for additional Release Health Dashboard acknowledgments and workarounds before full deployment.