Microsoft has released a mandatory Windows 11 security update, KB5066835, which is causing significant system failures, including broken network connections and malfunctioning peripherals, prompting the company to confirm an emergency patch is in development.
The new security update is causing problems for users. A primary issue is the breaking of localhost connections, which prevents locally hosted applications from connecting to the network. Beyond this connectivity failure, users have also experienced installation failures while applying the patch, as well as bugs that render certain peripherals and accessories inoperable.
Microsoft has confirmed the problems and is deploying an emergency patch to rectify localhost-related issues in Windows 11 versions 24H2 and 25H2. The company noted the hotfix could take over 48 hours to appear on affected systems. In the meantime, Microsoft advises that “affected users should check for updates and reboot their PC, even if they do not see any newer updates listed.” Users are also cautioned against using unverified fixes, with one report warning, “Don’t try your luck with internet solutions. They don’t work.”
Analysis points to a technical cause for the localhost failure: a “regression in the kernel-mode HTTP server (HTTP.sys).” The problem manifests when a browser or application tries to connect to services on 127.0.0.1 using the HTTP/2 protocol. In these instances, the HTTP.sys component “mishandles the HTTP/2 handshake/frames and resets the connection,” blocking local server communication.
The significance of this regression is that the update “broke IIS” (Internet Information Services), affecting any service operating behind HTTP.sys. According to reports, “Windows is designed to handle 127.0.0.1 requests by loading HTTP/2 session in the kernel, which then sends the request to the IIS worker, ASP.NET Core Module or your app.” This fundamental process is what the update disrupts.
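To check whether a machine shows the reported pattern, the sketch below (an added example, not code from Microsoft or from the reports quoted here) probes a loopback service once over HTTP/1.1 and once over HTTP/2 and compares the outcomes. It assumes the local service listens over TLS on a port you supply; the function names `probe` and `matches_reported_symptom` and the result labels are hypothetical.

```python
import socket
import ssl
import sys

H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"          # HTTP/2 client connection preface
EMPTY_SETTINGS = b"\x00\x00\x00\x04\x00\x00\x00\x00\x00"  # length 0, type SETTINGS, stream 0


def probe(port, alpn, host="127.0.0.1", timeout=3.0):
    """Return 'ok', 'reset', 'refused', 'no_alpn', 'timeout' or 'error'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # loopback dev certificates rarely validate;
    ctx.verify_mode = ssl.CERT_NONE  # acceptable only for this local diagnostic
    ctx.set_alpn_protocols([alpn])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname="localhost") as tls:
                if alpn == "h2":
                    if tls.selected_alpn_protocol() != "h2":
                        return "no_alpn"  # server never offered HTTP/2
                    tls.sendall(H2_PREFACE + EMPTY_SETTINGS)
                    header = tls.recv(9)
                    if not header:
                        return "reset"    # peer closed instead of answering
                    # A healthy server replies with its own SETTINGS frame (type 0x4).
                    return "ok" if header[3:4] == b"\x04" else "error"
                tls.sendall(b"HEAD / HTTP/1.1\r\nHost: localhost\r\n"
                            b"Connection: close\r\n\r\n")
                return "ok" if tls.recv(16).startswith(b"HTTP/1.") else "error"
    except (ConnectionResetError, ConnectionAbortedError, BrokenPipeError):
        return "reset"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "error"


def matches_reported_symptom(h1_result, h2_result):
    """True when HTTP/1.1 works but the HTTP/2 exchange is reset."""
    return h1_result == "ok" and h2_result == "reset"


if __name__ == "__main__":
    port = int(sys.argv[1])  # port of the local HTTPS service to test
    h1, h2 = probe(port, "http/1.1"), probe(port, "h2")
    print(f"HTTP/1.1: {h1}  HTTP/2: {h2}")
    print("matches reported symptom:", matches_reported_symptom(h1, h2))
```

A result of `refused` for both protocols means nothing is listening on that port, which is unrelated to the regression described above.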
According to The Register, Microsoft had not initially acknowledged the issue. Users attempting to fix the problem by reinstalling the patch or updating to newer builds reported mixed results. The error appears to stem from a conflict between the update and existing system configurations. This is suggested by the observation that the problem “appears to vanish on clean installs of Windows 11 24H2,” indicating a fresh installation is not affected.
Microsoft later confirmed a second major failure within the Windows Recovery Environment (WinRE). The same KB5066835 update includes a bug that renders WinRE inoperable by blocking mouse and keyboard input. As a result, users “cannot navigate WinRE.” This makes it “impossible to navigate between different options within WinRE,” preventing actions like system troubleshooting or resetting Windows. The problem affects all users who may need to access these recovery tools, including recent upgraders from Windows 10.
While unofficial workarounds for these issues exist, they are accompanied by a “major health warning.” These fixes involve directly modifying system files, a risky procedure that could “make Windows unstable or stop it from booting” if performed incorrectly. Users are advised to attempt such fixes at their own risk. The general guidance is to await the official emergency update, which is anticipated to arrive within a day or two.
The issues with the Windows 11 update coincide with Microsoft’s decision to end free security updates for an estimated 500 million Windows 10 users. Individuals still using Windows 10 are advised to apply the final available security patches. To maintain support, they can enroll in the 12-month Extended Security Updates (ESU) program, which provides security support for the operating system until 2026 for a fee.
The Register provided a summary of the week’s events, stating: “All this means that, within the same week, Microsoft’s installer broke, its new OS borked local development, and Redmond’s multimillion-dollar upgrade push instead highlighted how fragile its ecosystem still is.”