Find information on recently resolved issues for Windows Server 2022. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge). For immediate help with Windows update issues,click here if you are using a Windows device to open the Get Help app or go tosupport.microsoft.com. Follow@WindowsUpdate on X (formerly Twitter) for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use theWindows Updates API in Microsoft Graph.

Resolved issues

Issue details

October 2025

Smartcard authentication issues might occur with the October 2025 Windows update

Smart card authentication and other certificate operations might intentionally fail after installing Windows Updates released on or after October 14, 2025 (KB5066782) that contain protections for the security vulnerability, CVE-2024-30098. As part of this cryptography improvement, RSA-based smart card certificates are required to use KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider).

Common symptoms for certificates that use CSP include:

• ​Smart cards not being recognized as CSP providers (Cryptographic Service Provider) in 32-bit applications
• ​Inability to sign documents
• ​Failures in applications relying on certificate-based authentication
• ​Users might observe error messages such as "invalid provider type specified" and "CryptAcquireCertificatePrivateKey error."

You can detect if your smart card will be affected by this security enforcement if, prior to installing the October 2025 Windows security update (KB5066782), the System log contains Smart Card Service or Microsoft-Windows-Smartcard-Server Event ID: 624 with the message text: "Audit: This system is using CAPI for RSA cryptography operations. Please refer to the following link for more detail: https://go.microsoft.com/fwlink/?linkid=2300823."

Resolution:

For a permanent resolution, developers should update their authenticating app to perform Key Storage Retrieval using Key Storage API documented at Key Storage and Retrieval. Developers should complete this change before Windows updates released in April 2026, at which time theDisableCapiOverrideForRSAworkaround listed below is planned to be removed.

Workaround:

If you encounter this issue, you can temporarily resolve it by setting the DisableCapiOverrideForRSA registry key value to 0. This is documented in CVE-2024-30098. Detailed steps to modify the registry key are listed below.Note: This option will be removed in Windows updates, planned for release in April 2026.

Steps to Modify the Registry

⚠️ Important: Editing the registry incorrectly can cause system issues. Always back up the registry before making changes.

1. Open Registry Editor.

• ​Press Win + R, type regedit, and press Enter.
• ​If prompted by User Account Control, click Yes.

2. Navigate to the subkey.

• ​Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais

3. Edit the key and set the value.

• ​Inside Calais, check if key DisableCapiOverrideForRSA exists
• ​Double-click DisableCapiOverrideForRSA.
• ​In Value date, enter: 0

Note: The DisableCapiOverrideForRSA registry setting is NOT added by the default OS install or the installation of Windows Updates and must be manually added on each device.

4. Close and restart.

• ​Close Registry Editor.
• ​Restart the computer for changes to take effect.

Affected platforms:

• ​Client: Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2
• ​Server: Windows Server 2025; Windows Server 23H2; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2

September 2025

Non-admins might receive unexpected UAC prompts when doing MSI repair operations

(Updated 11/26/25: Additional improvements were added to the Resolution section.)

A security improvement was included in the August 2025 Windows security update (KB5063880) and later updates to enforce the requirement that User Account Control (UAC) prompt for administrator credentials when performing Windows Installer (MSI) repair and related operations. This improvement addressed security vulnerability CVE-2025-50173.

As a result, after installing the August 2025 Windows security update and later updates, UAC prompts for administrator rights can appear for standard users in the following scenarios:

• ​Running MSI repair commands (such asmsiexec /fu).
• ​Launching Autodesk applications, including some versions of AutoCAD, Civil 3D and Inventor CAM, or when installing an MSI file after a user signs into the app for the first time.
• ​Installing applications that configure themselves per user.
• ​Running Windows Installer during Active Setup.
• ​Deploying packages viaManager Configuration Manager (ConfigMgr) that rely on user-specific "advertising" configurations.
• ​Enabling Secure Desktop.

If a standard user runs an app that initiates an MSI repair operation without displaying UI, it will fail with an error message. For example, installing and running Office Professional Plus 2010 as a standard user will fail with Error 1730 during the configuration process.

Resolution:

After installing the September 2025 Windows security update (KB5065432) or later updates, UAC prompts will only be required during MSI repair operations if the target MSI file contains an elevatedcustom action. This requirement is further refined after installing Windows updates released on and after November 11, 2025, so that UAC prompts will only be required if the elevated custom actions are executed during the repair flow.

Installing the latest Windows updates will resolve this issue for apps that do not execute such elevated custom actions, such as Autodesk AutoCAD.

Since UAC prompts will still be required for apps that perform custom actions, after installing the September 2025 update, IT admins will have access to a workaround to disable UAC prompts for specific apps by adding MSI files to an allowlist. For details, see the KB article:Unexpected UAC prompts when running MSI repair operations after installing the August 2025 Windows security update.

A Group Policy had previously been made available fromMicrosoft’s Support for business using Known Issue Rollback (KIR) to work around this issue. Organizations no longer need to install and configure this Group Policy to address this issue.

Affected platforms:

• ​Client: Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB

• ​Server: Windows Server 2025; Windows Server 2022; Windows Server, version 1809; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2; Windows Server 2008 SP2

August 2025

Upgrades to some versions of Windows might fail with error 0x8007007F

Starting August 12, 2025, some Windows upgrades might fail with error code ‘0x8007007F’ when performed via ‘Windows Setup > Upgrade’ installation. This issue affects both client and server platforms under specific upgrade paths.

Client upgrade paths affected:

• ​Upgradesfrom Windows 10, version 1809, Windows 10, version 21H2 and Windows 10, version 22H2to Windows 11, versions 23H2 and 22H2

Server upgrade paths affected:

• ​Upgradesfrom Windows Server 2016to Windows Server 2019 or Windows Server 2022
• ​Upgradesfrom Windows Server 2019to Windows Server 2022

Note: Upgrades to Windows 11, 24H2 and Windows Server 2025 are not affected by this issue

Resolution: This issue was resolved as of August 15, 2025. Devices upgraded after this date should no longer encounter this error. If you do experience error ‘0x8007007F’, retrying the upgrade process will typically resolve the issue.

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2
• ​Server: Windows Server 2022; Windows Server 2019

July 2025

Issues occur when using Microsoft Changjie Input Method

Following installation of the July 2025 Windows security updates (KB5062572), there might be issues when using theMicrosoft Changjie IME (input method editor) for Traditional Chinese.

This issue only affects devices where Traditional Chinese is a preferred or common language or input method, and specifically where Changjie IME is used. Reported symptoms include:

• ​inability to form or select words after typing the full composition (associate phrase window)
• ​spacebar or blank key not responding
• ​incorrect or distorted word outputs
• ​the conversion candidate window fails to display properly

Microsoft Changjie is an IME that is included in Windows and available in currently supported versions.

Resolution: This issue is resolved in the August 2025 Windows security update (KB5063880) and later updates. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.

If you have installed Windows updates released before before August 2025, you can use the following workaround. Windows IME supports a compatibility setting that allows using the previous version of an IME instead. Employing this option should help resolve this issue.

To revert to old version of the Microsoft Changjie IME, follow these steps:

1. ​Open theLanguage & region setting. This can be accomplished by opening theSettings app, selectingTime & Language, thenLanguage & Regions. You can also open the start menu and type "language" and select the top result.
2. ​If Traditional Chinese is used on this device, the Chinese (Traditional) option will appear near the top. Select the three dots next toChinese (Traditional) to open a menu and selectLanguage Options.
3. ​UnderKeyboards, select the three dots next toMicrosoft Changjie and selectKeyboard Options from the menu.
4. ​UnderCompatibility, set the "Use previous version of Microsoft Changjie" option toOn. Then selectOK.

Affected platforms:

• ​Client: Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 10, version 1809; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
• ​Server: Windows Server 2025; Windows Server 2022; Windows Server, version 1809; Windows Server 2016

May 2025

Logon might fail with Windows Hello in Key Trust mode and log Kerberos Events

After installing the April Windows monthly security update released April 8, 2025 (KB5055523) or later, Active Directory Domain Controllers (DC) might experience authentication interruptions when processing Kerberos logons or delegations using certificate-based credentials that rely on key trust via the Active Directorymsds-KeyCredentialLink field.

Following these updates, the method by which DCs validate certificates used for Kerberos authentication has changed, and will now require that certificates are chained to an issuing certificate authority (CA) in the NTAuth store. This is related to security measures described inKB5057784 - Protections for CVE-2025-26647 (Kerberos Authentication). As a result, authentication failures might be observed in Windows Hello for Business (WHfB) Key Trust environments or environments that have deployed Device Public Key Authentication (also known as Machine PKINIT). Other products which rely on this feature can also be impacted.

Enablement of this validation method can be controlled by the Windows registry valueAllowNtAuthPolicyBypass inHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc. Two scenarios can be observed following installation of the April 2025 Windows monthly security update on authenticating DCs:

• ​When registry valueAllowNtAuthPolicyBypass is unconfigured or set to "1", Kerberos-Key-Distribution-Centerevent ID 45 is repeatedly recorded in the DC system event log, with text similar to "The Key Distribution Center (KDC) encountered a client certificate that was valid but did not chain to an Issuing CA in the NTAuth store". This is a new event, intentionally logged by DCs servicing authentication requests using unsafe certificates. Although this event may be logged excessively, please note that related logon operations are otherwise successful, and no other change is observed outside of these event log records.

• ​When registry valueAllowNtAuthPolicyBypass is set to "2", self-signed certificate-based authentication fails. Kerberos-Key-Distribution-Centerevent ID 21 is recorded in the DC system event log. This is a legacy event logged when certificate-based authentication fails, and is intentionally logged when a DC services an authentication request using an unsafe certificate. The event description text for this event may vary.

Note that if theAllowNtAuthPolicyBypass registry key does not exist, the DC will behave as if the value is configured to “1”. The key may be created manually, if it does not exist, and configured as per above.

Windows Updates released on and after April 8, 2025 incorrectly log Event IDs 45 and 21 when servicing authentication requests using self-signed certificates that will never chain to a CA in the NTAuth store. Self-signed certificates may be used by the AD PKINIT Key Trust feature in the following scenarios:

• ​Windows Hello for Business (WHfB) Key Trust deployments
• ​Device Public Key Authentication (also known as Machine PKINIT).
• ​Other scenarios that rely on themsds-KeyCredentialLink field, such as smart card products, third-party single sign-on (SSO) solutions, and identity management systems.

Resolution: This issue was resolved by Windows updates released June 10, 2025 (KB5060526), and later. We recommend you install the latest security update for your device as it contains important improvements and issue resolutions, including this one.

If you install an update released June 10, 2025 or later, you do not need to use a workaround for this issue. If you are using an update released before this date and have this issue, you should temporarily delay setting a value of ‘2’ to registry keyAllowNtAuthPolicyBypass on updated DCs servicing self-signed certificate-based authentication. For more information, see the Registry Settings section ofKB5057784.

Affected platforms:

• ​Client: None
• ​Server: Windows Server 2025; Windows Server 2022; Windows Server 2019; Windows Server 2016

April 2025

The April 2025 Windows RE update might show as unsuccessful in Windows Update

After installing the April 2025 Windows Recovery Environment update [KB5057588], you might see the following error message in the Windows Update settings page: 0x80070643 – ERROR_INSTALL_FAILURE. This error message is not accurate and does not impact the update or device functionality. The Windows Recovery Environment (WinRE) is a recovery environment that can repair common causes of unbootable operating systems.

This error is observed when the device installs the WinRE update when there is another update in a pending reboot state. Although the error message suggests the update did not complete, the WinRE update is typically applied successfully after the device restarts. Windows Update might continue to display the update as failed until the next daily scan, at which point the update is no longer offered and the failure message is cleared automatically.

Resolution:

The ERROR_INSTALL_FAILURE error message that was previously observed withKB5057588 installed before 2 PM PT on April 21, 2025 has been resolved with the Windows update released July 8, 2025 (KB5063522). We recommend you install the latest update for your device as it contains important improvements and issue resolutions. 

Please note:This update does not remove the incorrect error message which might still appear in the Windows Update History page. 

Users who installedKB5057588 after 2 PM PT on April 21, 2025, should not observe the incorrect error message about the install failure. If the update is already installed, it will not be offered again, and the status of this update can be verified with theDism /Online /Get-Packages command. 

Affected platforms:

• ​Client: Windows 10, version 22H2; Windows 10, version 21H2
• ​Server: Windows Server 2022

August 2024

August 2024 security update might impact Linux boot in dual-boot setup devices

After installing the August 2024 Windows security update, (KB5041160) or the August 2024 preview update, you might face issues with booting Linux if you have enabled the dual-boot setup for Windows and Linux in your device. Resulting from this issue, your device might fail to boot Linux and show the error message “Verifying shim SBAT data failed: Security Policy Violation. Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation.”

The August 2024 Windows security and preview updates apply a Secure Boot Advanced Targeting (SBAT) setting to devices that run Windows to block old, vulnerable boot managers. This SBAT update will not be applied to devices where dual booting is detected. On some devices, the dual-boot detection did not detect some customized methods of dual-booting and applied the SBAT value when it should not have been applied.

IMPORTANT: This known issue only occurs with the installation of the August 2024 security and preview updates. The September 2024 security update and later updates do not contain the settings that caused this issue.

Resolution:This issue was resolved by Windows updates released May 13, 2025 (KB5058385), and later. We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one.

Note: On Windows-only systems, after installing the September 2024 or later updates, you can set the registry key documented in CVE-2022-2601 and CVE-2023-40547 to ensure the SBAT security update is applied. On systems that dual-boot Linux and Windows, there are no additional steps necessary after installing the September 2024 or later updates.

Affected platforms:

• ​Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 11, version 21H2; Windows 10, version 22H2; Windows 10, version 21H2; Windows 10 Enterprise 2015 LTSB
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

February 2022

Apps that use Active Directory Forest Trust Information might have issues

After installing updates released January 11, 2022 or later, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows. You might also receive an access violation (0xc0000005) error.Note for developers: Affected apps use theSystem.DirectoryServices API.

Resolution: This issue was resolved in the out-of-band update for the version of .NET Framework used by the app.Note: These out-of-band updates are not available from Windows Update and will not install automatically. To get the standalone package, search for the KB number for your version of Windows and .NET Framework in theMicrosoft Update Catalog. You can manually import these updates into Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. For WSUS instructions, seeWSUS and the Catalog Site. For Configuration Manger instructions, seeImport updates from the Microsoft Update Catalog.

For instructions on how to install this update for your operating system, see the KB articles listed below:

• ​Windows Server 2022: 
  • ​.NET Framework 4.8KB5011258
• ​Windows Server 2019: 
  • ​.NET Framework 4.8KB5011257
  • ​.NET Framework 4.7.2KB5011259
• ​Windows Server 2016: 
  • ​.NET Framework 4.8KB5011264
  • ​.NET Framework 4.6.2, 4.7, 4.7.1 or 4.7.2KB5011329
• ​Windows Server 2012 R2: 
  • ​.NET Framework 4.8KB5011266
  • ​.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2KB5011263
  • ​.NET Framework 4.5.2KB5011261
• ​Windows Server 2012:
  • ​.NET Framework 4.8 KB5011265
  • ​.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 or 4.7.2 KB5011262
  • ​.NET Framework 4.5.2 KB5011260

Affected platforms:

• ​Client: None
• ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012

Report a problem with Windows updates

To report an issue to Microsoft at any time, use theFeedback Hub app. To learn more, seeSend feedback to Microsoft with the Feedback Hub app.

Need help with Windows updates?

Search, browse, or ask a question on theMicrosoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on theMicrosoft 365 admin center for additional details.

For direct help with your home PC, use the Get Help app in Windows or contactMicrosoft Support. Organizations can request immediate support throughSupport for business.

View this site in your language

This site is available in11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.