Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Find information on recently resolved issues for Windows Server 2022. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge). For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X (formerly Twitter) for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.
Resolved issues
| Summary | Originating update | Status | Date resolved |
|---|---|---|---|
| Smartcard authentication issues might occur with the October 2025 Windows update This issue is related to a security change introduced for strengthening Windows Cryptographic Services. | OS Build 20348.4294 KB5066782 2025-10-14 | Resolved | 2025-10-22 17:31 PT |
| Non-admins might receive unexpected UAC prompts when doing MSI repair operations This issue can affect apps that use Windows Installer (MSI), such as Autodesk AutoCAD or Office Professional Plus 2010. | OS Build 20348.4052 KB5063880 2025-08-12 | Resolved KB5065432 | 2025-09-09 10:00 PT |
| Apps that use Active Directory Forest Trust Information might have issues Apps using Microsoft .NET to acquire or set Forest Trust Information might fail, close, or you might receive an error. | OS Build 20348.469 KB5009555 2022-01-11 | Resolved | 2025-08-29 14:19 PT |
| Upgrades to some versions of Windows might fail with error 0x8007007F Certain upgrade paths of Windows server and client were affected; this issue has now been resolved. | N/A | Resolved | 2025-08-18 18:59 PT |
| Issues occur when using Microsoft Changjie Input Method Only devices using Traditional Chinese are affected. Reverting to the previous IME version prevents the issue. | OS Build 20348.3932 KB5062572 2025-07-08 | Resolved KB5063880 | 2025-08-12 10:00 PT |
| The April 2025 Windows RE update might show as unsuccessful in Windows Update Users might observe installation failure while trying to install the WinRE update which resolves after device restarts. | N/A KB5057588 2025-04-08 | Resolved KB5063522 | 2025-07-08 10:00 PT |
| Logon might fail with Windows Hello in Key Trust mode and log Kerberos Events The April 2025 update may trigger behavior in domain controllers that logs Kerberos event IDs 45 and 21 | OS Build 20348.3453 KB5055526 2025-04-08 | Resolved KB5060526 | 2025-06-10 10:00 PT |
| August 2024 security update might impact Linux boot in dual-boot setup devices This issue might impact devices with dual-boot setup for Windows and Linux when SBAT setting is applied | OS Build 20348.2655 KB5041160 2024-08-13 | Resolved KB5058385 | 2025-05-13 10:00 PT |
Issue details
October 2025
Smartcard authentication issues might occur with the October 2025 Windows update
| Status | Originating update | History |
|---|---|---|
| Resolved | OS Build 20348.4294 KB5066782 2025-10-14 | Resolved: 2025-10-22, 17:31 PT Opened: 2025-10-17, 20:06 PT |
Smart card authentication and other certificate operations might intentionally fail after installing Windows Updates released on or after October 14, 2025 (KB5066782) that contain protections for the security vulnerability, CVE-2024-30098. As part of this cryptography improvement, RSA-based smart card certificates are required to use KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider).
Common symptoms for certificates that use CSP include:
- Smart cards not being recognized as CSP providers (Cryptographic Service Provider) in 32-bit applications
- Inability to sign documents
- Failures in applications relying on certificate-based authentication
- Users might observe error messages such as "invalid provider type specified" and "CryptAcquireCertificatePrivateKey error."
You can detect if your smart card will be affected by this security enforcement if, prior to installing the October 2025 Windows security update (KB5066782), the System log contains Smart Card Service or Microsoft-Windows-Smartcard-Server Event ID: 624 with the message text: "Audit: This system is using CAPI for RSA cryptography operations. Please refer to the following link for more detail: https://go.microsoft.com/fwlink/?linkid=2300823."
Resolution:
For a permanent resolution, developers should update their authenticating app to perform Key Storage Retrieval using Key Storage API documented at Key Storage and Retrieval. Developers should complete this change before Windows updates released in April 2026, at which time the DisableCapiOverrideForRSA workaround listed below is planned to be removed.
Workaround:
If you encounter this issue, you can temporarily resolve it by setting the DisableCapiOverrideForRSA registry key value to 0. This is documented in CVE-2024-30098. Detailed steps to modify the registry key are listed below. Note: This option will be removed in Windows updates, planned for release in April 2026.
Steps to Modify the Registry
⚠️ Important: Editing the registry incorrectly can cause system issues. Always back up the registry before making changes.
1. Open Registry Editor.
- Press Win + R, type regedit, and press Enter.
- If prompted by User Account Control, click Yes.
2. Navigate to the subkey.
- Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais
3. Edit the key and set the value.
- Inside Calais, check if key DisableCapiOverrideForRSA exists
- Double-click DisableCapiOverrideForRSA.
- In Value date, enter: 0
Note: The DisableCapiOverrideForRSA registry setting is NOT added by the default OS install or the installation of Windows Updates and must be manually added on each device.
4. Close and restart.
- Close Registry Editor.
- Restart the computer for changes to take effect.
Affected platforms:
- Client: Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2
- Server: Windows Server 2025; Windows Server 23H2; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2
September 2025
Non-admins might receive unexpected UAC prompts when doing MSI repair operations
| Status | Originating update | History |
|---|---|---|
| Resolved KB5065432 | OS Build 20348.4052 KB5063880 2025-08-12 | Resolved: 2025-09-09, 10:00 PT Opened: 2025-09-03, 14:28 PT |
A security improvement was included in the August 2025 Windows security update (KB5063880) and later updates to enforce the requirement that User Account Control (UAC) prompt for administrator credentials when performing Windows Installer (MSI) repair and related operations. This improvement addressed security vulnerability CVE-2025-50173.
As a result, after installing the August 2025 Windows security update and later updates, UAC prompts for administrator rights can appear for standard users in the following scenarios:
- Running MSI repair commands (such as msiexec /fu).
- Launching Autodesk applications, including some versions of AutoCAD, Civil 3D and Inventor CAM, or when installing an MSI file after a user signs into the app for the first time.
- Installing applications that configure themselves per user.
- Running Windows Installer during Active Setup.
- Deploying packages via Manager Configuration Manager (ConfigMgr) that rely on user-specific "advertising" configurations.
- Enabling Secure Desktop.
If a standard user runs an app that initiates an MSI repair operation without displaying UI, it will fail with an error message. For example, installing and running Office Professional Plus 2010 as a standard user will fail with Error 1730 during the configuration process.
Resolution:
After installing the September 2025 Windows security update (KB5065432) or later updates, UAC prompts will only be required during MSI repair operations if the target MSI file contains an elevated custom action.
Since UAC prompts will still be required for apps that perform custom actions, after installing this update, IT admins will have access to a workaround to disable UAC prompts for specific apps by adding MSI files to an allowlist. For details, see the KB article: Unexpected UAC prompts when running MSI repair operations after installing the August 2025 Windows security update.
A Group Policy had previously been made available from Microsoft’s Support for business using Known Issue Rollback (KIR) to work around this issue. Organizations no longer need to install and configure this Group Policy to address this issue.
Affected platforms:
- Client: Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB
- Server: Windows Server 2025; Windows Server 2022; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
August 2025
Upgrades to some versions of Windows might fail with error 0x8007007F
| Status | Originating update | History |
|---|---|---|
| Resolved | N/A | Resolved: 2025-08-18, 18:59 PT Opened: 2025-08-18, 18:06 PT |
Starting August 12, 2025, some Windows upgrades might fail with error code ‘0x8007007F’ when performed via ‘Windows Setup > Upgrade’ installation. This issue affects both client and server platforms under specific upgrade paths.
Client upgrade paths affected:
- Upgrades from Windows 10, version 1809, Windows 10, version 21H2 and Windows 10, version 22H2 to Windows 11, versions 23H2 and 22H2
Server upgrade paths affected:
- Upgrades from Windows Server 2016 to Windows Server 2019 or Windows Server 2022
- Upgrades from Windows Server 2019 to Windows Server 2022
Note: Upgrades to Windows 11, 24H2 and Windows Server 2025 are not affected by this issue
Resolution: This issue was resolved as of August 15, 2025. Devices upgraded after this date should no longer encounter this error. If you do experience error ‘0x8007007F’, retrying the upgrade process will typically resolve the issue.
Affected platforms:
- Client: Windows 11, version 23H2; Windows 11, version 22H2
- Server: Windows Server 2022; Windows Server 2019
July 2025
Issues occur when using Microsoft Changjie Input Method
| Status | Originating update | History |
|---|---|---|
| Resolved KB5063880 | OS Build 20348.3932 KB5062572 2025-07-08 | Resolved: 2025-08-12, 10:00 PT Opened: 2025-07-11, 08:52 PT |
Following installation of the July 2025 Windows security updates (KB5062572), there might be issues when using the Microsoft Changjie IME (input method editor) for Traditional Chinese.
This issue only affects devices where Traditional Chinese is a preferred or common language or input method, and specifically where Changjie IME is used. Reported symptoms include:
- inability to form or select words after typing the full composition (associate phrase window)
- spacebar or blank key not responding
- incorrect or distorted word outputs
- the conversion candidate window fails to display properly
Microsoft Changjie is an IME that is included in Windows and available in currently supported versions.
Resolution: This issue is resolved in the August 2025 Windows security update (KB5063880) and later updates. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.
If you have installed Windows updates released before before August 2025, you can use the following workaround. Windows IME supports a compatibility setting that allows using the previous version of an IME instead. Employing this option should help resolve this issue.
To revert to old version of the Microsoft Changjie IME, follow these steps:
- Open the Language & region setting. This can be accomplished by opening the Settings app, selecting Time & Language, then Language & Regions. You can also open the start menu and type "language" and select the top result.
- If Traditional Chinese is used on this device, the Chinese (Traditional) option will appear near the top. Select the three dots next to Chinese (Traditional) to open a menu and select Language Options.
- Under Keyboards, select the three dots next to Microsoft Changjie and select Keyboard Options from the menu.
- Under Compatibility, set the "Use previous version of Microsoft Changjie" option to On. Then select OK.
Affected platforms:
- Client: Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 10, version 1809; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
- Server: Windows Server 2025; Windows Server 2022; Windows Server, version 1809; Windows Server 2016
May 2025
Logon might fail with Windows Hello in Key Trust mode and log Kerberos Events
| Status | Originating update | History |
|---|---|---|
| Resolved KB5060526 | OS Build 20348.3453 KB5055526 2025-04-08 | Resolved: 2025-06-10, 10:00 PT Opened: 2025-05-06, 13:25 PT |
After installing the April Windows monthly security update released April 8, 2025 (KB5055523) or later, Active Directory Domain Controllers (DC) might experience authentication interruptions when processing Kerberos logons or delegations using certificate-based credentials that rely on key trust via the Active Directory msds-KeyCredentialLink field.
Following these updates, the method by which DCs validate certificates used for Kerberos authentication has changed, and will now require that certificates are chained to an issuing certificate authority (CA) in the NTAuth store. This is related to security measures described in KB5057784 - Protections for CVE-2025-26647 (Kerberos Authentication). As a result, authentication failures might be observed in Windows Hello for Business (WHfB) Key Trust environments or environments that have deployed Device Public Key Authentication (also known as Machine PKINIT). Other products which rely on this feature can also be impacted.
Enablement of this validation method can be controlled by the Windows registry value AllowNtAuthPolicyBypass in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc. Two scenarios can be observed following installation of the April 2025 Windows monthly security update on authenticating DCs:
- When registry value AllowNtAuthPolicyBypass is unconfigured or set to "1", Kerberos-Key-Distribution-Center event ID 45 is repeatedly recorded in the DC system event log, with text similar to "The Key Distribution Center (KDC) encountered a client certificate that was valid but did not chain to an Issuing CA in the NTAuth store". This is a new event, intentionally logged by DCs servicing authentication requests using unsafe certificates. Although this event may be logged excessively, please note that related logon operations are otherwise successful, and no other change is observed outside of these event log records.
- When registry value AllowNtAuthPolicyBypass is set to "2", self-signed certificate-based authentication fails. Kerberos-Key-Distribution-Center event ID 21 is recorded in the DC system event log. This is a legacy event logged when certificate-based authentication fails, and is intentionally logged when a DC services an authentication request using an unsafe certificate. The event description text for this event may vary.
Note that if the AllowNtAuthPolicyBypass registry key does not exist, the DC will behave as if the value is configured to “1”. The key may be created manually, if it does not exist, and configured as per above.
Windows Updates released on and after April 8, 2025 incorrectly log Event IDs 45 and 21 when servicing authentication requests using self-signed certificates that will never chain to a CA in the NTAuth store. Self-signed certificates may be used by the AD PKINIT Key Trust feature in the following scenarios:
- Windows Hello for Business (WHfB) Key Trust deployments
- Device Public Key Authentication (also known as Machine PKINIT).
- Other scenarios that rely on the msds-KeyCredentialLink field, such as smart card products, third-party single sign-on (SSO) solutions, and identity management systems.
Resolution: This issue was resolved by Windows updates released June 10, 2025 (KB5060526), and later. We recommend you install the latest security update for your device as it contains important improvements and issue resolutions, including this one.
If you install an update released June 10, 2025 or later, you do not need to use a workaround for this issue. If you are using an update released before this date and have this issue, you should temporarily delay setting a value of ‘2’ to registry key AllowNtAuthPolicyBypass on updated DCs servicing self-signed certificate-based authentication. For more information, see the Registry Settings section of KB5057784.
Affected platforms:
- Client: None
- Server: Windows Server 2025; Windows Server 2022; Windows Server 2019; Windows Server 2016
April 2025
The April 2025 Windows RE update might show as unsuccessful in Windows Update
| Status | Originating update | History |
|---|---|---|
| Resolved KB5063522 | N/A KB5057588 2025-04-08 | Resolved: 2025-07-08, 10:00 PT Opened: 2025-04-11, 17:03 PT |
After installing the April 2025 Windows Recovery Environment update [KB5057588], you might see the following error message in the Windows Update settings page: 0x80070643 – ERROR_INSTALL_FAILURE. This error message is not accurate and does not impact the update or device functionality. The Windows Recovery Environment (WinRE) is a recovery environment that can repair common causes of unbootable operating systems.
This error is observed when the device installs the WinRE update when there is another update in a pending reboot state. Although the error message suggests the update did not complete, the WinRE update is typically applied successfully after the device restarts. Windows Update might continue to display the update as failed until the next daily scan, at which point the update is no longer offered and the failure message is cleared automatically.
Resolution:
The ERROR_INSTALL_FAILURE error message that was previously observed with KB5057588 installed before 2 PM PT on April 21, 2025 has been resolved with the Windows update released July 8, 2025 (KB5063522). We recommend you install the latest update for your device as it contains important improvements and issue resolutions.
Please note: This update does not remove the incorrect error message which might still appear in the Windows Update History page.
Users who installed KB5057588 after 2 PM PT on April 21, 2025, should not observe the incorrect error message about the install failure. If the update is already installed, it will not be offered again, and the status of this update can be verified with the Dism /Online /Get-Packages command.
Affected platforms:
- Client: Windows 10, version 22H2; Windows 10, version 21H2
- Server: Windows Server 2022
August 2024
August 2024 security update might impact Linux boot in dual-boot setup devices
| Status | Originating update | History |
|---|---|---|
| Resolved KB5058385 | OS Build 20348.2655 KB5041160 2024-08-13 | Resolved: 2025-05-13, 10:00 PT Opened: 2024-08-21, 18:33 PT |
After installing the August 2024 Windows security update, (KB5041160) or the August 2024 preview update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”
The August 2024 Windows security and preview updates apply a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.
IMPORTANT: This known issue only occurs with the installation of the August 2024 security and preview updates. The September 2024 security update and later updates do not contain the settings that caused this issue.
Resolution: This issue was resolved by Windows updates released May 13, 2025 (KB5058385), and later. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.
Note: On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.
Affected platforms:
- Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise 2015 LTSB
- Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
February 2022
Apps that use Active Directory Forest Trust Information might have issues
| Status | Originating update | History |
|---|---|---|
| Resolved | OS Build 20348.469 KB5009555 2022-01-11 | Resolved: 2025-08-29, 14:19 PT Opened: 2022-02-04, 16:57 PT |
After installing updates released January 11, 2022 or later, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error. Note for developers: Affected apps use the System.DirectoryServices API.
Resolution: This issue was resolved in the out-of-band update for the version of .NET Framework used by the app. Note: These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in the Microsoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.
For instructions on how to install this update for your operating system, see the KB articles listed below:
- Windows Server 2022:
- .NET Framework 4.8 KB5011258
- Windows Server 2019:
- Windows Server 2016:
- Windows Server 2012 R2:
- Windows Server 2012:
Affected platforms:
- Client: None
- Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Report a problem with Windows updates
To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.
Need help with Windows updates?
Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.
For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.
View this site in your language
This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.