Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Find information on recently resolved issues for Windows 11, version 25H2. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge). For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.
Resolved issues
| Summary | Originating update | Status | Date resolved |
|---|---|---|---|
| Smartcard authentication issues might occur with the October 2025 Windows update This issue is related to a security change introduced for strengthening Windows Cryptographic Services. | OS Build 26100.6899 KB5066835 2025-10-14 | Resolved | 2025-10-22 17:31 PT |
| USB mouse and keyboard not working in the Windows Recovery Environment (WinRE) This issue affects USB devices only within WinRE after installing Windows updates released on October 14, 2025. | OS Build 26100.6899 KB5066835 2025-10-14 | Resolved KB5070773 | 2025-10-20 14:00 PT |
Issue details
October 2025
Smartcard authentication issues might occur with the October 2025 Windows update
| Status | Originating update | History |
|---|---|---|
| Resolved | OS Build 26100.6899 KB5066835 2025-10-14 | Resolved: 2025-10-22, 17:31 PT Opened: 2025-10-17, 20:06 PT |
Smart card authentication and other certificate operations might intentionally fail after installing Windows Updates released on or after October 14, 2025 (KB5066835) that contain protections for the security vulnerability, CVE-2024-30098. As part of this cryptography improvement, RSA-based smart card certificates are required to use KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider).
Common symptoms for certificates that use CSP include:
- Smart cards not being recognized as CSP providers (Cryptographic Service Provider) in 32-bit applications
- Inability to sign documents
- Failures in applications relying on certificate-based authentication
- Users might observe error messages such as "invalid provider type specified" and "CryptAcquireCertificatePrivateKey error."
You can detect if your smart card will be affected by this security enforcement if, prior to installing the October 2025 Windows security update (KB5066835), the System log contains Smart Card Service or Microsoft-Windows-Smartcard-Server Event ID: 624 with the message text: "Audit: This system is using CAPI for RSA cryptography operations. Please refer to the following link for more detail: https://go.microsoft.com/fwlink/?linkid=2300823."
Resolution:
For a permanent resolution, developers should update their authenticating app to perform Key Storage Retrieval using Key Storage API documented at Key Storage and Retrieval. Developers should complete this change before Windows updates released in April 2026, at which time the DisableCapiOverrideForRSA workaround listed below is planned to be removed.
Workaround:
If you encounter this issue, you can temporarily resolve it by setting the DisableCapiOverrideForRSA registry key value to 0. This is documented in CVE-2024-30098. Detailed steps to modify the registry key are listed below. Note: This option will be removed in Windows updates, planned for release in April 2026.
Steps to Modify the Registry
⚠️ Important: Editing the registry incorrectly can cause system issues. Always back up the registry before making changes.
1. Open Registry Editor.
- Press Win + R, type regedit, and press Enter.
- If prompted by User Account Control, click Yes.
2. Navigate to the subkey.
- Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais
3. Edit the key and set the value.
- Inside Calais, check if key DisableCapiOverrideForRSA exists
- Double-click DisableCapiOverrideForRSA.
- In Value date, enter: 0
Note: The DisableCapiOverrideForRSA registry setting is NOT added by the default OS install or the installation of Windows Updates and must be manually added on each device.
4. Close and restart.
- Close Registry Editor.
- Restart the computer for changes to take effect.
Affected platforms:
- Client: Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2
- Server: Windows Server 2025; Windows Server 23H2; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2
USB mouse and keyboard not working in the Windows Recovery Environment (WinRE)
| Status | Originating update | History |
|---|---|---|
| Resolved KB5070773 | OS Build 26100.6899 KB5066835 2025-10-14 | Resolved: 2025-10-20, 14:00 PT Opened: 2025-10-17, 22:18 PT |
After installing the Windows security update released on October 14, 2025 (KB5066835), USB devices, such as keyboards and mice, do not function in the Windows Recovery Environment (WinRE). This issue prevents navigation of any of the recovery options within WinRE. Note that the USB devices continue to work normally within the Windows operating system.
Resolution: This issue was resolved by the Windows out-of-band update, released October 20, 2025 (KB5070773), and updates released after that date. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.
Workaround: If your device is impacted by this issue and is unable to boot to Windows to install the latest Windows update, you can work around this issue using one of the following methods:
- If your PC has a touchscreen, you can use the touchscreen's touch keyboard to navigate within WinRE.
- If your PC has a PS/2 port, you can use a PS/2 keyboard or mouse to navigate within WinRE.
- If you had previously created a USB recovery drive, you can boot your computer from the recovery drive. This will take you directly to WinRE with restored USB functionality.
- OEMs and enterprises can use the Preboot Execution Environment (PXE) in Configuration Manager, or can deploy push-button reset features using the Windows Assessment and Deployment Kit (Windows ADK) and Windows Preinstallation Environment (WinPE) add-on to recover affected devices.
Affected platforms:
- Client: Windows 11, version 25H2; Windows 11, version 24H2
- Server: Windows Server 2025
Report a problem with Windows updates
To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.
Need help with Windows updates?
Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.
For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.
View this site in your language
This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.