In the past couple of days, reports about about a Windows Recovery Environment (WinRE) bug have emerged, which renders USB devices useless. Microsoft released a patch already for this particular problem, and now it has rolled out yet another fix for an issue impacting lots of Windows versions.
As noted on its Windows Release Health dashboard, Microsoft finally has a fix for the smart card authentication issue that cropped up on various editions of Windows after installing October 2025"s Patch Tuesday update.
Basically, after installing the latest security updates, some users began experiencing errors related to smart card authentication and certificates. Their smart cards were not recognized as valid Cryptographic Service Providers (CSPs) in 32-bit applications, they were unable to sign documents, and application functions which rely on certificate-based authentication kept failing.
This error was being tagged as EVent ID 624 in the system events log with error messages about "invalid provider type specified" and "CryptAcquireCertificatePrivateKey error". Microsoft realized that this error is associated with a recent change in Windows, which requires the use of Key Storage Provider (KSP) instead of CSP for RSA-based smart card certificates to enhance security.
The good news is that Microsoft has a fix for those impacted by this issue. The bad news is that it won"t be delivered through a Windows Update as it requires changing a Windows Registry value that is not included by default in Windows installations. As usual, keep in mind that editing registry values carries its own set of risk and incorrect modifications may result in your system being rendered unusable. But if you"re confident about making this change, check out the instructions below:
- Open Registry Editor: Press Win + R, type regedit, and press Enter. If prompted by User Account Control, click Yes.
- Navigate to the subkey: Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais
- Edit the key and set the value: Inside Calais, check if key DisableCapiOverrideForRSA exists. Double-click DisableCapiOverrideForRSA. In Value date, enter: 0
- Close and restart: Close Registry Editor. Restart the computer for changes to take effect.
This particular bug affected Windows 11 (version 25H2, 24H2, 23H2, 22H2), Windows 10 (version 22H2), and Windows Server (2025, 23H2, 2022, 2019, 2016, 2012 R2).