[German]Addendum from last week, where security updates for Windows Clients and Windows Server were rolled out on October 14, 2025. Microsoft has admitted that these security updates cause problems with smart cards. Under certain circumstances, these may no longer be recognized, and administrators must apply a workaround.
Windows Oktober 2025 Updates
On October 14, 2025, numerous security updates were released for the Windows versions still supported. For Windows clients, the updates are described in the article Patchday: Windows 10/11 Updates (October 14, 2025), while the updates for the server versions are listed in the article Patchday: Windows Server-Updates (October 14, 2025). This marks the end of support for Windows 10 22H2 clients, meaning there will be no further functional changes. Only ESU updates will be offered for licensed devices in the future.
Issues with Smartcards
On October 17, 2025, Microsoft published the support article Smartcard authentication issues might occur with the October 2025 Windows update in the Known Issues section for various Windows versions (e.g., on the Windows 11 25H2 Release Health Status page).
After installing the Windows security update from October 14, 2025, for Windows 11 24H2 and 25H2 (update KB5066835), users may experience problems with smart card authentication and certificates, according to Microsoft. Common symptoms include:
- Smart cards are not recognized as CSP (Cryptographic Service Provider) providers in 32-bit applications.
- Documents cannot be signed (using the smart card).
- Errors in applications that rely on certificate-based authentication.
As a result of this issue, users may see error messages such as Invalid provider type and CryptAcquireCertificatePrivateKey errors.
According to Microsoft, this issue is related to a Windows security enhancement that uses Key Storage Providers (KSP) instead of Cryptographic Service Providers (CSP) for RSA-based smart card certificates to improve cryptography.
Which systems are affected?
Basically, all Windows systems still under support are affected. Microsoft lists the following versions:
- Client: Windows 11 24H2 – 25H2; Windows 11 22H2 – 23H2; Windows 10 22H2
- Server: Windows Server 2025; Windows Server 23H2; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Is the smart card affected by the problem?
To determine whether the smart card you are using is affected by this problem, you can check the entries in the event log under System for the smart card service. If you find an entry for event ID 624 with the following text in Windows 11 24H2 – 25H2 before installing the KB5066835 update on October 14, 2025, you are likely affected by the problem.
Audit: This system uses CAPI for RSA cryptography operations. For more information, see the following link: https://go.microsoft.com/fwlink/?linkid=2300823.
A possible workaround
If you are affected by this issue, you can set the value of the DWORD entry DisableCapiOverrideForRSA to 0 in the Windows registry under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais
This requires calling the registry editor via Run as administrator. The above conclusion is documented in the article CVE-2024-30098 – Security Update Guide – Microsoft – Windows Cryptographic Services Security Feature Bypass VulnerabilityDetailed steps for changing the registry key are listed in the support article.
Similar articles:
Microsoft Security Update Summary (October 14, 2025)
Patchday: Windows 10/11 Updates (October 14, 2025)
Patchday: Windows Server-Updates (October 14, 2025)
Patchday: Microsoft Office Updates (October 14, 2025)
Exchange Server Security Updates October 2025
Windows 10 22H2/Windows 11 23H2-25H2: Preview Updates (September 23/25/29, 2025)
September 2025 Update KB5065426 causes issues with large AD environments
Windows 11 24H2/25H2: Localhost issues after October 2025 update KB5066835
Windows 11 24H2-25H2/Server 2025: Microsoft confirms issue with IIS/localhost, offers KIR solution
Windows 10/11: USB keyboard/mouse doesn't work properly in WinRE
