Microsoft is releasing an emergency update for Windows 11 to address significant issues caused by a new, mandatory security patch, KB5066835, released after security updates ended for an estimated 500 million Windows 10 users.
The primary issue acknowledged by Microsoft is that the update breaks localhost connections, meaning “locally hosted apps can no longer connect to your network.” This problem has led to reports of the update being a “total disaster” for some users. Technical analysis reveals the issue stems from a “regression in the kernel-mode HTTP server (HTTP.sys).” When a browser or application attempts to establish an HTTP/2 connection to services hosted on the local machine (127.0.0.1), HTTP.sys mishandles the handshake and subsequently resets the connection. This bug significantly affects any service operating behind HTTP.sys, including Internet Information Services (IIS). The standard Windows process involves loading an HTTP/2 session in the kernel to handle 127.0.0.1 requests, which then routes the request to the appropriate application, such as an IIS worker or ASP.NET Core Module.
In addition to the localhost failure, users have reported multiple installation failures and bugs that prevent peripherals and accessories from functioning correctly. According to reports, these accessory failures affect “some Logitech peripherals” and cause the “mouse and keyboard not working in WinRE (Windows Recovery Environment).” Microsoft later confirmed the WinRE problem, which makes the recovery environment unusable. A bug originating from the KB5066835 update blocks mouse and keyboard input within WinRE, preventing users from navigating the environment to perform critical tasks like troubleshooting the operating system or resetting Windows. The issue is especially concerning for individuals who have recently upgraded from Windows 10.
Microsoft stated it is “rolling out an emergency patch that should address localhost-related issues in Windows 11 24H2/25H2.” The company noted that “the hotfix could take longer than 48 hours to show on affected PCs.” In the meantime, Microsoft advises that “affected users should check for updates and reboot their PC, even if they do not see any newer updates listed.” Before Microsoft officially acknowledged the problem, users reported mixed results when attempting to reinstall the patch or move to newer builds. It was also observed that the issue does not occur on clean installations of Windows 11 24H2, suggesting “that the error stems from a conflict in how the update interacts with existing system configurations, rather than being a universal bug.”
While some unofficial workarounds have been shared online, they come with a “major health warning.” These fixes involve modifying system files, a risky process that could “make Windows unstable or stop it from booting.” Users are advised against attempting these solutions and to wait for the official emergency update, which is expected to arrive within a day or two. For users remaining on Windows 10, the advice is to ensure their systems have the last available security fixes installed. They also have the option to enroll in the 12-month Extended Security Updates (ESU) program to continue receiving support until 2026. The sequence of events was summarized by The Register: “All this means that, within the same week, Microsoft’s installer broke, its new OS borked local development, and Redmond’s multimillion-dollar upgrade push instead highlighted how fragile its ecosystem still is.”
