Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Find information on known issues and the servicing status for Windows Server 2012 R2. For immediate help with Windows update issues, click here if you are using a Windows device to open the Get Help app or go to support.microsoft.com. Follow @WindowsUpdate on X for Windows release health updates. If you are an IT administrator and want to programmatically get information from this page, use the Windows Updates API in Microsoft Graph.
Current status as of May 2, 2025
As of October 10, 2023, Windows Server 2012 R2 has reached end of support.
Extended Security Updates (ESU) are available until October 13, 2026, with an option to migrate your on-premises servers to Azure, where you can continue to run them on virtual machines. To learn more, see the Windows Server 2012 R2 lifecycle article.
Note: Windows Server 2025 is now the latest Long-Term Servicing Channel (LTSC) release for Windows Server. To download a free 180-day evaluation, visit the Microsoft Evaluation Center.
Known issues
See open issues, content updated in the last 30 days, and information on safeguard holds. To find a specific issue, use the search function on your browser (CTRL + F for Microsoft Edge).
| Summary | Originating update | Status | Last updated |
|---|---|---|---|
| Smartcard authentication issues might occur with the October 2025 Windows update This issue is related to a security change introduced for strengthening Windows Cryptographic Services. | KB5066794 2025-10-14 | Resolved | 2025-10-22 17:31 PT |
Issue details
October 2025
Smartcard authentication issues might occur with the October 2025 Windows update
| Status | Originating update | History |
|---|---|---|
| Resolved | KB5066794 2025-10-14 | Resolved: 2025-10-22, 17:31 PT Opened: 2025-10-17, 20:06 PT |
Smart card authentication and other certificate operations might intentionally fail after installing Windows Updates released on or after October 14, 2025 (KB5066794) that contain protections for the security vulnerability, CVE-2024-30098. As part of this cryptography improvement, RSA-based smart card certificates are required to use KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider).
Common symptoms for certificates that use CSP include:
- Smart cards not being recognized as CSP providers (Cryptographic Service Provider) in 32-bit applications
- Inability to sign documents
- Failures in applications relying on certificate-based authentication
- Users might observe error messages such as "invalid provider type specified" and "CryptAcquireCertificatePrivateKey error."
You can detect if your smart card will be affected by this security enforcement if, prior to installing the October 2025 Windows security update (KB5066794), the System log contains Smart Card Service or Microsoft-Windows-Smartcard-Server Event ID: 624 with the message text: "Audit: This system is using CAPI for RSA cryptography operations. Please refer to the following link for more detail: https://go.microsoft.com/fwlink/?linkid=2300823."
Resolution:
For a permanent resolution, developers should update their authenticating app to perform Key Storage Retrieval using Key Storage API documented at Key Storage and Retrieval. Developers should complete this change before Windows updates released in April 2026, at which time the DisableCapiOverrideForRSA workaround listed below is planned to be removed.
Workaround:
If you encounter this issue, you can temporarily resolve it by setting the DisableCapiOverrideForRSA registry key value to 0. This is documented in CVE-2024-30098. Detailed steps to modify the registry key are listed below. Note: This option will be removed in Windows updates, planned for release in April 2026.
Steps to Modify the Registry
⚠️ Important: Editing the registry incorrectly can cause system issues. Always back up the registry before making changes.
1. Open Registry Editor.
- Press Win + R, type regedit, and press Enter.
- If prompted by User Account Control, click Yes.
2. Navigate to the subkey.
- Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais
3. Edit the key and set the value.
- Inside Calais, check if key DisableCapiOverrideForRSA exists
- Double-click DisableCapiOverrideForRSA.
- In Value date, enter: 0
Note: The DisableCapiOverrideForRSA registry setting is NOT added by the default OS install or the installation of Windows Updates and must be manually added on each device.
4. Close and restart.
- Close Registry Editor.
- Restart the computer for changes to take effect.
Affected platforms:
- Client: Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2
- Server: Windows Server 2025; Windows Server 23H2; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2
Report a problem with Windows updates
To report an issue to Microsoft at any time, use the Feedback Hub app. To learn more, see Send feedback to Microsoft with the Feedback Hub app.
Need help with Windows updates?
Search, browse, or ask a question on the Microsoft Support Community. If you are an IT pro supporting an organization, visit Windows release health on the Microsoft 365 admin center for additional details.
For direct help with your home PC, use the Get Help app in Windows or contact Microsoft Support. Organizations can request immediate support through Support for business.
View this site in your language
This site is available in 11 languages: English, Chinese Traditional, Chinese Simplified, French (France), German, Italian, Japanese, Korean, Portuguese (Brazil), Russian, and Spanish (Spain). All text will appear in English if your browser default language is not one of the 11 supported languages. To manually change the display language, scroll down to the bottom of this page, click on the current language displayed on the bottom left of the page, and select one of the 11 supported languages from the list.