Windows Updates: Problems after Patch Day
Microsoft reports some issues occurring after the installation of the October Patch Day security updates.
After installing the update previews from late September or the security updates from October in Windows, some unexpected side effects may occur. Microsoft reports failed authentication with smart cards, a non-functional mouse and keyboard in the Windows Recovery Environment, or the failure to load IIS web pages from localhost.
As Microsoft explains in the Windows Release Health notes, after applying the September update preview or the patch day updates, loading web pages from Internet Information Server (IIS) may fail with error messages such as “Connection reset—error (ERR_CONNECTION_RESET)” or similar. This occurs with server-side applications that build on HTTP.sys. Web pages hosted on http://localhost/ and other IIS connections are also affected. On affected devices, admins should search for updates, apply any that are available, and then restart the device, even if no update was apparently available. Microsoft has temporarily resolved the issue with a “Known Issues Rollback” (KIR).
Furthermore, after applying the October security updates, USB devices such as keyboards and mice no longer function in the Windows Recovery Environment (WinRE), Microsoft reports. This prevents navigation within the recovery options. Microsoft clarifies that USB keyboards and mice continue to function normally within the Windows operating system itself. The manufacturer plans to provide a solution in the coming days.
Problems with Smart Card Logins
The October security updates can also cause issues with smart card authentication. As the developers write in the Windows Release Health notes, smart card users may receive error messages such as “Invalid provider type specified” or “CryptAcquireCertificatePrivateKey error.” Smart cards are not recognized as Cryptographic Service Providers (CSP) in 32-bit applications, documents cannot be signed with them, or errors occur in apps that rely on certificate-based authentication. The cause is an improvement in Windows security: for RSA-based smart card certificates, the Key Storage Provider (KSP) is now used instead of the Cryptographic Service Provider (CSP). Whether your own smart cards are affected can be identified in the system event logs by entries with Event ID 624, even before applying the October security patches.
Admins can work around the problem with a registry change. Under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais, they need to set the entry DisableCapiOverrideForRSA to 0. If the key does not exist, it must be created. Microsoft does not specify the type, but a DWORD (32-bit) is assumed for this.
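The check and the workaround described above can be combined in one script. This is an added example, not code from Microsoft or from the article; it assumes the DWORD type mentioned above, and the `$LookbackDays` parameter is a hypothetical name chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: look for Event ID 624 in the System log, then set
# DisableCapiOverrideForRSA = 0 under ...\Cryptography\Calais.
# Save as a .ps1 file; run with -WhatIf to preview without changing anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$LookbackDays = 30   # assumption: how far back to search the log
)

$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais'
$valueName = 'DisableCapiOverrideForRSA'

# 1. Audit: entries with Event ID 624 in the System event log.
$filter = @{
    LogName   = 'System'
    Id        = 624
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No Event ID 624 entries in the last $LookbackDays days; nothing changed."
    return
}

Write-Output "Found $($events.Count) Event ID 624 entries; showing the newest:"
# ProviderName is printed so the admin can confirm the entries relate to smart cards.
$events | Select-Object -First 5 -Property TimeCreated, ProviderName, Message | Format-List

# 2. Workaround: create the key if it is missing, then write the value.
if (-not (Test-Path -Path $keyPath)) {
    if ($PSCmdlet.ShouldProcess($keyPath, 'Create registry key')) {
        New-Item -Path $keyPath -Force | Out-Null
    }
}

$current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName

if ($current -ne 0) {   # also true when the value does not exist yet
    if ($PSCmdlet.ShouldProcess("$keyPath\$valueName", 'Set DWORD value to 0')) {
        # -Force overwrites an existing value; DWord is the assumed type.
        New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null
        Write-Output "$valueName set to 0 (previous value: $(if ($null -eq $current) { 'not present' } else { $current }))."
    }
} else {
    Write-Output "$valueName is already 0; nothing changed."
}
```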
The problems primarily impact Windows Server 2025, Windows 11 25H2, and Windows 11 24H2. However, smart card authentication can also be problematic in Windows 11 23H2, 22H2, Windows 10 22H2, Windows Server 2022, 2019, 2016, 2012R2, and 2012.
On last week's patch day, Microsoft closed more than 170 security vulnerabilities with updated software. IT managers should therefore not refrain from applying the updates: 17 of the software patches even fix vulnerabilities classified as “critical.”
(dmk)