Resolved issues in Windows 11, version 23H2

Find information on recently resolved issues for Windows 11, version 23H2. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge). For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X (formerly Twitter) for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.

Resolved issues

Issue details

October 2025

Smartcard authentication issues might occur with the October 2025 Windows update

Smart card authentication and other certificate operations might intentionally fail after installing Windows Updates released on or after October 14, 2025 (KB5066793) that contain protections for the security vulnerability, CVE-2024-30098. As part of this cryptography improvement, RSA-based smart card certificates are required to use KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider).

Common symptoms for certificates that use CSP include:

• ​Smart cards not being recognized as CSP providers (Cryptographic Service Provider) in 32-bit applications
• ​Inability to sign documents
• ​Failures in applications relying on certificate-based authentication
• ​Users might observe error messages such as "invalid provider type specified" and "CryptAcquireCertificatePrivateKey error."

You can detect if your smart card will be affected by this security enforcement if, prior to installing the October 2025 Windows security update (KB5066793), the System log contains Smart Card Service or Microsoft-Windows-Smartcard-Server Event ID: 624 with the message text: "Audit: This system is using CAPI for RSA cryptography operations. Please refer to the following link for more detail: https://go.microsoft.com/fwlink/?linkid=2300823."

Resolution:

For a permanent resolution, developers should update their authenticating app to perform Key Storage Retrieval using Key Storage API documented at Key Storage and Retrieval. Developers should complete this change before Windows updates released in April 2026, at which time the DisableCapiOverrideForRSA workaround listed below is planned to be removed.

Workaround:

If you encounter this issue, you can temporarily resolve it by setting the DisableCapiOverrideForRSA registry key value to 0. This is documented in CVE-2024-30098. Detailed steps to modify the registry key are listed below. Note: This option will be removed in Windows updates, planned for release in April 2026.

Steps to Modify the Registry

⚠️ Important: Editing the registry incorrectly can cause system issues. Always back up the registry before making changes.

1. Open Registry Editor.

• ​Press Win + R, type regedit, and press Enter.
• ​If prompted by User Account Control, click Yes.

2. Navigate to the subkey.

• ​Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais

3. Edit the key and set the value.

• ​Inside Calais, check if key DisableCapiOverrideForRSA exists
• ​Double-click DisableCapiOverrideForRSA.
• ​In Value date, enter: 0

Note: The DisableCapiOverrideForRSA registry setting is NOT added by the default OS install or the installation of Windows Updates and must be manually added on each device.

4. Close and restart.

• ​Close Registry Editor.
• ​Restart the computer for changes to take effect.

Affected platforms:

• ​Client: Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2
• ​Server: Windows Server 2025; Windows Server 23H2; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2

September 2025

Non-admins might receive unexpected UAC prompts when doing MSI repair operations

(Updated 11/26/25: Additional improvements were added to the Resolution section.)

A security improvement was included in the August 2025 Windows security update (KB5063875) and later updates to enforce the requirement that User Account Control (UAC) prompt for administrator credentials when performing Windows Installer (MSI) repair and related operations. This improvement addressed security vulnerability CVE-2025-50173.

As a result, after installing the August 2025 Windows security update and later updates, UAC prompts for administrator rights can appear for standard users in the following scenarios:

• ​Running MSI repair commands (such as msiexec /fu).
• ​Launching Autodesk applications, including some versions of AutoCAD, Civil 3D and Inventor CAM, or when installing an MSI file after a user signs into the app for the first time.
• ​Installing applications that configure themselves per user.
• ​Running Windows Installer during Active Setup.
• ​Deploying packages via Manager Configuration Manager (ConfigMgr) that rely on user-specific "advertising" configurations.
• ​Enabling Secure Desktop.

If a standard user runs an app that initiates an MSI repair operation without displaying UI, it will fail with an error message. For example, installing and running Office Professional Plus 2010 as a standard user will fail with Error 1730 during the configuration process.

Resolution:

After installing the September 2025 Windows security update (KB5065431) or later updates, UAC prompts will only be required during MSI repair operations if the target MSI file contains an elevated custom action. This requirement is further refined after installing Windows updates released on and after October 28, 2025, so that UAC prompts will only be required if the elevated custom actions are executed during the repair flow.

Installing the latest Windows updates will resolve this issue for apps that do not execute such elevated custom actions, such as Autodesk AutoCAD.

Since UAC prompts will still be required for apps that perform custom actions, after installing the September 2025 update, IT admins will have access to a workaround to disable UAC prompts for specific apps by adding MSI files to an allowlist. For details, see the KB article: Unexpected UAC prompts when running MSI repair operations after installing the August 2025 Windows security update.

A Group Policy had previously been made available from Microsoft’s Support for business using Known Issue Rollback (KIR) to work around this issue. Organizations no longer need to install and configure this Group Policy to address this issue.

Affected platforms:

• ​Client: Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB

• ​Server: Windows Server 2025; Windows Server 2022; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2; Windows Server 2008 SP2

August 2025

Reset and recovery operations on some Windows versions might fail

After installing the August 2025 Windows security update (KB5063875) on any of the client versions mentioned below in the ‘Affected platforms’ section, attempts to reset or recover the device might fail. 

This issue happens when users perform one or more of the following processes:

1. ​System >Recovery > Reset my PC
2. ​System > Recovery > Fix problems using Windows Update
3. ​RemoteWipe CSP

Resolution:

This issue was resolved in the out-of-band (OOB) update KB5066189. If your device is impacted by this issue, we recommend installing this out-of-band update instead of KB5063875.

Since this is a cumulative update, you do not need to apply any previous update before installing KB5066189, as it supersedes all previous updates for affected versions. This update does not contain any additional security updates from those available in the August 2025 security update. Installation of this OOB will require a device restart. If your organization uses the affected platforms and hasn’t yet deployed the August 2025 security update yet, we recommend you apply this OOB update instead. To install this update, follow the steps under How to get this update in KB5066189.

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021; Windows 10 Enterprise LTSC 2019 and Windows 10 IoT Enterprise LTSC 2019
• ​Server: None

Upgrades to some versions of Windows might fail with error 0x8007007F

Starting August 12, 2025, some Windows upgrades might fail with error code ‘0x8007007F’ when performed via ‘Windows Setup > Upgrade’ installation. This issue affects both client and server platforms under specific upgrade paths.

Client upgrade paths affected:

• ​Upgrades from Windows 10, version 1809, Windows 10, version 21H2 and Windows 10, version 22H2 to Windows 11, versions 23H2 and 22H2

Server upgrade paths affected:

• ​Upgrades from Windows Server 2016 to Windows Server 2019 or Windows Server 2022
• ​Upgrades from Windows Server 2019 to Windows Server 2022

Note: Upgrades to Windows 11, 24H2 and Windows Server 2025 are not affected by this issue

Resolution: This issue was resolved as of August 15, 2025. Devices upgraded after this date should no longer encounter this error. If you do experience error ‘0x8007007F’, retrying the upgrade process will typically resolve the issue.

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2
• ​Server: Windows Server 2022; Windows Server 2019

July 2025

Issues occur when using Microsoft Changjie Input Method

Following installation of the July 2025 Windows security updates (KB5062552), there might be issues when using the Microsoft Changjie IME (input method editor) for Traditional Chinese.

This issue only affects devices where Traditional Chinese is a preferred or common language or input method, and specifically where Changjie IME is used. Reported symptoms include:

• ​inability to form or select words after typing the full composition (associate phrase window)
• ​spacebar or blank key not responding
• ​incorrect or distorted word outputs
• ​the conversion candidate window fails to display properly

Microsoft Changjie is an IME that is included in Windows and available in currently supported versions.

Resolution: This issue is resolved in the July 2025 Windows non-security update (KB5062663) and later updates. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.

If you have installed Windows updates released before before July 2025, you can use the following workaround. Windows IME supports a compatibility setting that allows using the previous version of an IME instead. Employing this option should help resolve this issue.

To revert to old version of the Microsoft Changjie IME, follow these steps:

1. ​Open the Language & region setting. This can be accomplished by opening the Settings app, selecting Time & Language, then Language & Regions. You can also open the start menu and type "language" and select the top result.
2. ​If Traditional Chinese is used on this device, the Chinese (Traditional) option will appear near the top. Select the three dots next to Chinese (Traditional) to open a menu and select Language Options.
3. ​Under Keyboards, select the three dots next to Microsoft Changjie and select Keyboard Options from the menu.
4. ​Under Compatibility, set the "Use previous version of Microsoft Changjie" option to On. Then select OK.

Affected platforms:

• ​Client: Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 10, version 1809; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
• ​Server: Windows Server 2025; Windows Server 2022; Windows Server, version 1809; Windows Server 2016

May 2025

KB5058405 might fail to install with recovery error 0xc0000098 in ACPI.sys

While installing the May Windows security update (KB5058405) on the Windows versions listed below, some devices might encounter the following recovery error:

Your PC/Device needs to be repaired
The operating system couldn't be loaded because a required file is missing or contains errors.
File: ACPI.sys
Error code: 0xc0000098

This issue has been observed on a small number of physical devices, but primarily on devices running in virtual environments, including:

• ​Azure Virtual Machines
• ​Azure Virtual Desktop
• ​On-premises virtual machines hosted on Citrix or Hyper-V

Home users of Windows Home or Pro editions are unlikely to face this issue, as virtual machines are mostly used in IT environments.

The ACPI.sys file (Advanced Configuration and Power Interface) is a critical Windows system driver that enables Windows to manage hardware resources and power states. Note: There are also reports of this same error occurring with a different file name.

Resolution:

This issue is resolved in the out-of-band (OOB) update KB5062170, which is only available via the Microsoft Update Catalog.  If you experienced this issue, or if you have not yet deployed the May 2025 Windows security update on the Windows versions listed below and your IT environment includes devices running in a virtual desktop infrastructure, we recommend you apply the out-of-band update instead.

Note: This out-of-band update contains all of the improvements and fixes included in the May 2025 Windows non-security preview update (KB5058502), in addition to this issue’s resolution. Since this is a cumulative update, you do not need to apply any previous update before installing KB5062170, as it supersedes all previous updates for affected versions. This update does not contain any additional security updates from those available in the May 2025 Windows security update. Installation of this OOB will require a device restart.

If you experienced this issue and are unable to start Windows, please try the following steps to recover your device. After you've recovered your device, install the out-of-band update (KB5062170) via the Microsoft Update Catalog.

• ​On Recovery-enabled devices:

1. ​Access the Windows Recovery Environment.
2. ​Restart Windows.

• ​On non-Recovery enabled devices:

1. ​Mount the virtual hard disk (VHD) from a remote device.
2. ​Mount the VHD on another virtual machine (VM) or device as a data disk and then return it back to the affected VM.
3. ​Restart Windows in normal mode. This will revert Windows to the last successfully installed Windows update.

For Azure customers, we recommend using the self-help repair steps outlined in this article to carry out these steps: Repair a Windows VM using Azure Virtual Machine repair commands.

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2
• ​Server: None

April 2025

Windows 11, version 24H2 might not download via Windows Server Updates Services

Devices which have installed the April Windows monthly security update, released April 8, 2025, (KB5055528), the April 11, 2025, Windows out-of-band update (KB5058919), or the April 22, 2025, Windows preview update (KB5055629), might be unable to update to Windows 11, version 24H2 via Windows Server Update Services (WSUS). WSUS allows Servers with the WSUS role to defer, selectively approve, and schedule updates for specific devices or groups across an organization.

As part of this issue, the download of Windows 11, version 24H2 does not initiate or complete. Windows updates log can show error code 0x80240069, and further logs might include text similar to "Service wuauserv has unexpectedly stopped". 

Resolution: This issue was resolved by Windows updates released May 13, 2025 (KB5058405), and later. We recommend you install the latest security update for your device as it contains important improvements and issue resolutions, including this one.

If you have an enterprise-managed device and have installed the update released May 13, 2025 KB5058405, or later, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue. If you are using an update released before May 13, 2025, and have this issue, your IT administrator can resolve it by installing and configuring the special Group Policy listed below.

Group Policy downloads with Group Policy name:

• ​Download for Windows 11, version 23H2 and Windows 11, version 22H2 – Windows 11 22H2 KB5055528 250426_03001 Known Issue Rollback.msi (also applicable to Windows 11, version 23H2)

The special Group Policy can be found in Computer Configuration > Administrative Templates > <Group Policy name>. For information on deploying and configuring these special Group Policies, please see How to use Group Policy to deploy a Known Issue Rollback.

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2
• ​Server: None

March 2025

USB printers might print random text with the January 2025 preview update

After installing the January 2025 Windows preview update (KB5050092), released January 29, 2025, or later updates, you might observe issues with USB connected dual-mode printers that support both USB Print and IPP Over USB protocols. You might observe that the printer unexpectedly prints random text and data, including network commands and unusual characters. Resulting from this issue, the printed text might often start with the header "POST /ipp/print HTTP/1.1", followed by other IPP (Internet Printing Protocol) related headers. This issue tends to occur more often when the printer is either powered on or reconnected to the device after being disconnected.

The issue is observed when the printer driver is installed on the Windows device, and the print spooler sends IPP protocol messages to the printer, causing it to print unexpected text.

Resolution:

This issue was resolved by Windows updates released March 25, 2025 (KB5053657), and later. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.

If you have an enterprise-managed device and have installed the update released March 25, 2025 (KB5053657) or later, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue. If you are using an update released before March 25, 2025, 2024, and have this issue, your IT administrator can resolve it by installing and configuring the special Group Policy listed below. The special Group Policy can be found in Computer Configuration > Administrative Templates > <Group Policy name listed below>.

For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback.

Group Policy downloads with Group Policy name:

• ​Download for Windows 11, version 23H2 and 22H2 - Windows 11 22H2 KB5050092 250131_150523 Known Issue Rollback
• ​Download for Windows 10, version 22H2 - Windows 10 22H2, 21H1, 21H2 and 22H2 KB5050081 250131_082569 Known Issue Rollback

Important: You will need to install and configure the Group Policy for your version of Windows to resolve this issue. You will also need to restart your device(s) to apply the group policy setting. Note that the Group Policy will temporarily disable the change causing the printing issue. 

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2
• ​Server: None

August 2024

August 2024 security update might impact Linux boot in dual-boot setup devices

After installing the August 2024 Windows security update, (KB5041585) or the August 2024 preview update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”

The August 2024 Windows security and preview updates apply a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.

IMPORTANT: This known issue only occurs with the installation of the August 2024 security and preview updates. The September 2024 security update and later updates do not contain the settings that caused this issue.

Resolution: This issue was resolved by Windows updates released May 13, 2025 (KB5058405), and later. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.

Note: On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise 2015 LTSB
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

Report a problem with Windows updates

To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.

Need help with Windows updates?

Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.

For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.

View this site in your language

This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.