Did Microsoft just break its own operating system while encouraging millions to update? For some Windows 11 users, the October 2025 KB5066835 update has made routine patching a technical minefield, interrupting core workflows and even simple system recovery tools.
The most critical disruption comes from a regression in the kernel-mode HTTP server, HTTP.sys, that now improperly handles HTTP/2 handshakes on localhost (127.0.0.1). This vulnerability breaks the loopback connections employed by local web servers, IIS, and dev stacks. Microsoft assured that “IIS websites might fail to load, displaying a message such as ‘Connection reset – error (ERR_CONNECTION_RESET),’ or similar error. This includes websites hosted on http://localhost/, and other IIS connections.” The disruption impacts any server-side app that depends on HTTP.sys, ranging from Visual Studio debugging and ASP.NET Core modules to containerized services. Developers observe the same failures in all browsers, with such errors as ERR_HTTP2_PROTOCOL_ERROR stopping app testing. In reality, the kernel level aborts sessions prior to even a single byte being received by application code.
For IT pros, the damage doesn’t end at development. KB5066835 made the Windows Recovery Environment (WinRE) somewhat unusable by disabling USB keyboard and mouse input. Because WinRE is the default boot path for repairing unbootable systems, losing input devices essentially bars users from important repair utilities. Testing indicates that while some input lag is to be expected in less severe instances, most systems experience full unresponsiveness. Peripherals connected via PS/2 continue to function, but newer USB-only hardware is impacted. As Microsoft conceded, “a bug blocks the mouse or keyboard from working. This means you cannot navigate WinRE.”
Peripheral compatibility problems also strike inside the OS itself. Some Logitech peripherals, even high-end offerings such as the MX Anywhere 3, become unable to utilize custom shortcut capabilities following the update. Logitech Options and Options+ mappings like mouse buttons programmed with Win+ zoom commands do not work, suggesting changes inside Windows input processing independent of the HTTP.sys bug. For productivity users reliant on these shortcuts, the effect is immediate.
Even mundane file management has been disrupted. The Preview pane in File Explorer now will no longer render some documents, most notably PDFs copied from cloud services or network shares, on the grounds of a spurious security warning: “The file you are attempting to preview could harm your computer.” This mislabeling excludes previews of trusted files and requires them to be opened in standalone apps, which degrades workflows. Tests indicate that files created locally are not affected, indicating the problem is with attachment security zone metadata processing.
The instability of the update is further exacerbated by failure to install on certain machines, with spewing error codes like 0x800f0922 and 0x800f0983. Whereas Microsoft is advising people to download the patch from the Update Catalog or do an in-place upgrade through the Media Creation Tool, Microsoft warns against ad-hoc “internet fixes,” adding that they do not fix the root regression.
Microsoft is currently rolling out an out-of-band hotfix also known as KB5066835 in its fixed form through Windows Update. The firm cautions that staged deployment may exceed 48 hours to be fully propagated across impacted devices. Staggered deployment permits telemetry to verify reduced error rates prior to widespread release, a measure to protect from presenting new regressions. Concurrently, a Known Issue Rollback (KIR) is employed to roll back the problematic code path for HTTP.sys without full patch removal.
In the meantime, developers can disable HTTP/2 temporarily by adding two DWORD registry keys EnableHttp2Tls and EnableHttp2Cleartext with values zero, which compels HTTP/1.1 as a backup. This recovers localhost connections but forfeits HTTP/2’s multiplexing advantage. For WinRE connectivity, power users can replace the winre.wim image with a clean copy from a Windows 11 ISO, but Microsoft cautions that this is an IT-admin-level process with possible consequences.
The timing of KB5066835’s demise is especially delicate. Weeks only after stopping Windows 10 support for the vast majority of users, Microsoft is calling for upgrades to Windows 11, which now controls about half the Windows install base. Reliability is essential in such a migration effort; as one industry report put it, “within the same week, Microsoft’s installer broke, its new OS borked local development, and Redmond’s multimillion-dollar upgrade push instead highlighted how fragile its ecosystem still is.” In the meantime, impacted users should keep an eye on Windows Update, install the out-of-band patch as soon as it becomes available, and implement temporary workarounds only if business needs require it.
