Download and install now.
NurPhoto via Getty Images
Updated, Oct. 24 with Microsoft’s sudden release of another emergency update.
Microsoft’s mandatory security update this month has been described as a “total disaster,” with localhost connection issues and a nightmarish WinRE breakdown that stops mice and keyboards working, rendering PCs inoperable.
The disaster warning came courtesy of Windows Latest, which has now confirmed the promised emergency update has now been released. “Windows 11 KB5070773 is rolling out as an out-of-band update,” to address “the keyboard and mouse no longer working in WinRE, which renders the recovery process unusable.”
While the localhost issue was addressed server-side, this other, more serious issue requires users to download and install an update. Kind of. The download and install should happen automatically, and affects all Windows 11 PCs on 24H2 and 25H2.
ForbesSamsung Issues Critical Update For Most Galaxy S24 And S23 OwnersBy Zak Doffman
Windows Latest explains the “2025-10 Cumulative Update for Windows 11, version 25H2 for x64-based Systems (KB5070773) (26200.6901)” patch shows for download automatically, whether you want it or not.” Microsoft confirmed this “will automatically install via Windows Update. After you install the update, version 25H2 bumps to Build 26200.6901, while version 24H2 gets 26100.6901.”
You should install the update unless you’re especially green-fingered and know you cannot be affected by the WinRE issue. If you don’t install it now, it will be wrapped in with next month’s updates anyway, so there’s little point in waiting.
Microsoft told Windows Latest that “this issue prevents navigation of any of the recovery options within WinRE,” which really is a “total disaster.”
“If the mouse and keyboard don’t work in WinRE, the recovery tools are basically useless… You can’t click or type. What are you going to do? Your only chance might be an old PS/2 keyboard, but only if your PC still has a PS/2 port and it actually works.”
Windows 11 now has its largest install base since launch — well over 50%, with last minute switchers from Windows 10 bloating its numbers. While we await any data on Windows 10’s ESU take-up, what is clear is that the October 14 deadline has shaken stubborn users to finally make the move to the new OS.
Those than can, of course. There remains the issue of eligible or ineligible PCs to content with for at least 200 million users. We can but hope all those users have taken up the free 12-month security extension, and aren’t running at risk. Time will tell.
Emergency update is now here.
Windows Latest
Meanwhile, this isn’t the only Windows issue prompting a fix from Microsoft. Although this one is complicated and fraught with some risk.
Per Neowin, “after installing the latest security updates, some users began experiencing errors related to smart card authentication and certificates. Their smart cards were not recognized as valid Cryptographic Service Providers (CSPs) in 32-bit applications, they were unable to sign documents, and application functions which rely on certificate-based authentication kept failing.”
Microsoft says “if you encounter this issue, you can temporarily resolve it by setting the DisableCapiOverrideForRSA registry key value to 0.”
Neowin cautions that “the good news is that Microsoft has a fix for those impacted by this issue. The bad news is that it won’t be delivered through a Windows Update as it requires changing a Windows Registry value that is not included by default in Windows installations. As usual, keep in mind that editing registry values carries its own set of risk and incorrect modifications may result in your system being rendered unusable.”
Microsoft’s bust October has continued unabated, with the Oct. 23 release of another emergency update. Per Cybersecurity News, “Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS). Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing unauthorized attackers to execute arbitrary code over the network.”
Bleeping Computer warns that “the vulnerability can be exploited remotely in low-complexity attacks that do not require user interaction, allowing threat actors without privileges to target vulnerable systems and run malicious code with SYSTEM privileges. This makes it potentially wormable between WSUS servers.”
This does not have the same impact as the Windows 11 update fails and emergency fixes. WSUS is a deprecated component of the Windows setup, as such it’s arguably an unnecessary risk — a view likely compounded by this latest news.
ForbesIt’s Not Too Late—Grab Microsoft’s Free Windows Upgrade TodayBy Zak Doffman
The Register also warns that “Windows is chock-full of legacy code waiting to be abused by attackers, however, anything that could result in remote code execution requires swift resolution or mitigation. This particular issue relates to a ‘legacy serialization mechanism,’ according to Microsoft.”
But the steady news flow highlighting risks and fixes can also do some good — convincing hundreds of millions of Windows 10 holdouts to at least enroll in Microsoft’s free ESU, but ideally to upgrade to Windows 11 — even if that means trading PCs.
And on that, ZDNet offers an interesting avenue for the more green-fingered amongst you: “Microsoft said my PC was ‘too old’ to run Windows 11 – how I upgraded in 5 minutes anyway.” This partocular method used Rufus for the bypass, but there are others. Be cautios though, none of these are for everyday users.