Security patch or self-inflicted DDoS? Microsoft update knocks out key enterprise functions
Briefly

"An October 2025 Microsoft Windows security update is wreaking havoc on enterprises, impacting multiple systems with bugs ranging from annoying to showstopper. The update in KB5066835 was intended to strengthen Windows cryptography, by moving from the older Cryptographic Services Provider (CSP) to the more secure Key Storage Provider (KSP), but users may now be experiencing issues with authentication, websites, updates, and even use of mice and keyboards."
"'There are times when cybersecurity improvements in enterprise software result in some business interruption and adjustment until the software is updated and operating across platforms effectively,' noted Jim Routh, chief trust officer at Saviynt. 'That is clearly the case here.'"
"'Overall patch quality coming out of the October updates is abysmal,' said David Shipley of Beauceron Security. 'Between nuking localhost, keyboard and mouse issues in recovery mode, this is one of the worst QA'd updates I can think of in years.'"
KB5066835 migrated Windows cryptography from Cryptographic Services Provider (CSP) to Key Storage Provider (KSP) and introduced multiple failures across enterprise environments. Reported impacts include broken smart card authentication, loss of USB mice and keyboards in Windows Recovery Environment (WinRE), IIS website loading failures, and disrupted Windows Update Standalone Installer (WUSA) upgrades from shared network folders. The update affected Windows 10 22H2, Windows 11 (23H2, 24H2, 25H2) and multiple Windows Server releases. Many development environments on Windows 11 were disrupted, prompting rollbacks. Security and operations teams reported significant business interruption and criticized patch quality.
Read at Computerworld