Major Windows Update Causes Widespread System and Security Issues
482A recent security update from Microsoft in October 2025 has caused quite a stir among businesses using Windows. The update, known as KB5066835, was supposed to make Windows cryptography safer by switching from an older system called CSP to a newer, more secure one called KSP. But instead, many users are facing problems with logging in, websites not loading, devices not working properly, and issues with system recovery modes.
This update affects a range of Windows versions, including Windows 10 (version 22H2), Windows 11 (versions 23H2, 24H2, and 25H2), and Windows Server editions from 2012 to 2025. Experts say that sometimes, security improvements can temporarily disrupt normal operations until everything is patched and stable again. Jim Routh, a cybersecurity chief, commented that this kind of situation is common when enterprise software is updated for security, but it can cause business interruptions at first.
Authentication Problems and Device Failures
One of the biggest issues has been with smart cards used for high-security login processes. Many users find that their smart cards are no longer recognized as valid cryptographic providers in some applications. This results in errors when trying to digitally sign documents or authenticate in systems that rely on certificates. Microsoft explained that these problems are linked to the security enhancements in the update, but they also provided a workaround. By changing a specific registry setting, users can fix the smart card recognition issues. Still, editing the registry can be risky if not done carefully, so backups are recommended.
Another major problem involves USB devices like mice and keyboards. In the Windows Recovery Environment (WinRE), which is used to fix problems, these devices often stop working after the update. This makes it hard to navigate recovery options. Microsoft has released an additional update, KB5070773, to specifically address this issue. Additionally, some server-side applications that rely on HTTP connections are failing, showing errors like “ERR_CONNECTION_RESET.” Websites hosted locally on IIS servers are also not loading properly, causing frustration for web admins.
Update Failures and Business Impact
The update has also caused failures when trying to install other updates using Windows’ built-in tools. Specifically, the WUSA installer sometimes throws errors like “ERROR_BAD_PATHNAME” when multiple update files are stored on shared network folders. A simple workaround is to copy the update files to a local machine and install from there. Microsoft has acknowledged these issues and stated they are working on fixes that will come in future updates.
For organizations, especially those in banking, government, or defense sectors, these problems can be serious. Disrupted authentication means less security and potential vulnerabilities. Some organizations might even revert to weaker login methods if their systems break down. Experts recommend that affected companies temporarily disable certain registry settings (like the “DisableCapiOverrideForRSA” key) to work around the issues. This setting will be removed in April 2026, so the workaround is only temporary.
To better prepare for future problems, companies should establish testing procedures for updates, create multiple ways for critical systems to authenticate users, and develop contingency plans. These steps can help minimize disruptions if similar issues crop up again. While these bugs are frustrating, most experts agree that the underlying security improvements from the update are beneficial once the problems are sorted out.
In the end, this situation highlights the challenge of balancing security enhancements with system stability. As Microsoft works on fixing these bugs, enterprises need to stay vigilant and prepared for unexpected hiccups in their updates.
What do you think?
It is nice to know your opinion. Leave a comment.