Sales: 1.844.224.6069 | Support: 1.844.728.7949

Remote Support

Emergency Update For Windows 11 – KB5070773

Emergency Update For Windows 11

Fact: 100% of affected recovery environments lost USB input after the October security release, leaving many teams unable to use restore tools.

We understand how disruptive that can be. KB5070773 was rushed out to reverse a flaw that broke USB keyboard and mouse input in the Windows Recovery Environment (WinRE).

Microsoft confirms the patch installs automatically through windows update, moving 25H2 to Build 26200.6901 and 24H2 to 26100.6901. That matters for audits and fleet reporting.

Why this matters: without working input, technicians cannot pick restore or repair actions during incidents. We outline what changed, why the patch was urgent, and the quick checks teams should run on pcs and peripherals.

Our approach is reassurance-first. The patch reduces downtime risk, is safe to deploy, and requires no special tooling. We translate the tech details into clear steps your help desk can use.

Key Takeaways

  • KB5070773 restores USB keyboard and mouse access in WinRE, fixing the prior problem.
  • Install is automatic via windows update; verify builds 26200.6901 (25H2) or 26100.6901 (24H2).
  • The issue blocked recovery tools, creating real business continuity risk.
  • We recommend quick verification steps for pcs and users after deployment.
  • Patch rollout is standardized and safe; communicate status to stakeholders promptly.

Emergency Update For Windows 11: What KB5070773 Fixes and Why It Matters

A targeted patch from Microsoft restores USB input where it mattered most: the recovery console.

KB5070773 is an out-of-band cumulative update that bundles the October fixes and adds a specific repair for WinRE USB input loss.

Who is affected are organizations running 24H2 and 25H2 builds and environments that manage Windows Server 2025 systems. After installation, 25H2 reports Build 26200.6901 and 24H2 reports Build 26100.6901.

“After installing October 2025 security update (KB5066835), USB devices, such as keyboards and mice, do not function in the Windows Recovery Environment (WinRE). This issue prevents navigation of any of the recovery options within WinRE.”

  • The band patch restores keyboard and mouse behavior in the recovery console so technicians can choose diagnostics or restore paths.
  • The fix preserves the original security hardening while reducing regression risk.
  • Post-install, verify the build numbers to confirm the patch reached affected users and devices.
Platform Pre-patch symptom Post-patch build
Windows 11 25H2 USB input fails within WinRE 26200.6901
Windows 11 24H2 USB input fails within WinRE 26100.6901
Windows Server 2025 Same underlying input behavior Applies via cumulative patching

Scope of the issue, related Windows updates, and security context

October’s security roll brought an unexpected service disruption that hit recovery tools across many fleets.

Origin

Origin: October 14, 2025 security update KB5066835 broke USB input in the windows recovery environment

We trace the root cause to KB5066835 released on October 14. That update stopped USB keyboards and mice from working inside the recovery console.

A sleek, modern Windows Recovery Environment interface, bathed in soft blue hues and a soothing, minimalist aesthetic. The foreground features a clean, uncluttered dashboard with intuitive navigation options, while the background subtly depicts a gridded, technical landscape suggestive of the operating system's core functionality. Subtle lighting casts a warm, pensive glow, conveying a sense of trust and reliability in the system's ability to diagnose and resolve issues. The overall composition strikes a balance between user-friendliness and the underlying technical complexity, reflecting the secure and capable nature of this Windows recovery tool.

Related problems: smart card/CSP failures in 32-bit apps and Microsoft’s registry guidance

Some environments also saw smart card and CSP errors in 32‑bit applications. Microsoft says a temporary workaround sets the DisableCapiOverrideForRSA registry key to 0.

We caution that registry edits carry risk. Apply changes only under change control and after full backups and testing.

Additional emergency patch: WSUS RCE (CVE-2025-59287) and legacy serialization risk

  • The WSUS flaw allowed remote code execution from deserialization of untrusted data.
  • Exploit complexity was low and could propagate between servers.
  • Given WSUS is deprecated, we advise reassessing its role and moving to supported update orchestration.

“Document which fixes and mitigations you applied, and keep a single source of truth for audits.”

How Canadian users can download and install the update—and what to do if Windows won’t boot

If your Canadian fleet struggles with boot or input issues, here are the practical steps to get systems back to service. We focus on clear checks and low-risk recovery options you can run now.

A sleek, silver USB recovery drive sits on a minimalistic, well-lit desk, casting subtle shadows. The drive is the focal point, surrounded by a clean, modern office space with a blurred background of a laptop, stationery, and a potted plant. The lighting is soft and directional, accentuating the drive's metallic finish and creating a sense of professionalism and purpose. The overall mood is one of efficiency, reliability, and technological confidence, reflecting the emergency Windows 11 update and the need for a recovery solution.

Automatic and manual install paths

KB5070773 installs automatically through windows update for most tenants. Still, we recommend spot-checking critical pcs.

To check manually: go to Settings > Windows Update > Check for updates, then approve the cumulative patch and schedule a reboot.

If the device won’t enter the OS

Try the touchscreen virtual keyboard to navigate recovery options.

If available, plug a PS/2 keyboard or mouse into a PS/2 port to regain control within the recovery environment.

Booting from a previously created USB recovery drive provides a direct path into WinRE and typically restores USB input for standard recovery steps.

Enterprise and OEM options

  • Use PXE with Microsoft Configuration Manager for network-based provisioning.
  • Standardize push-button reset with the Windows ADK and the WinPE add-on.
  • Document which method worked and update your CMDB for audited traceability.
Scenario Quick action Best fit
Devices patched via update Verify build and reboot Finance, exec PCs
Cannot enter OS Touch keyboard or PS/2 Deskside recovery
Large fleet or OEM images PXE / WinPE deployment Enterprise scale

Conclusion

, This patch restores critical recovery paths and reduces the chance of service disruption during a boot incident. KB5070773 resolves the WinRE input failure introduced by KB5066835 and arrives automatically via Windows Update, moving 25H2 to build 26200.6901 and 24H2 to 26100.6901.

We recommend completing deployment across 24H2 and 25H2 estates and validating that recovery options work on priority pcs. Use simple checks: confirm keyboard and mouse input inside the recovery environment and document any anomalies.

Keep a prebuilt recovery drive and test touch or PS/2 fallbacks. For Canadian teams, update your change log, run a brief tabletop drill, and contact us if you need help planning or validating the fix.

FAQ

What does KB5070773 fix and why is it important?

KB5070773 restores USB keyboard and mouse functionality inside the Windows Recovery Environment (WinRE). This patch is critical because the earlier security rollup caused input devices to stop responding, preventing users from navigating recovery and repair options during boot or troubleshooting.

Who is affected by this patch?

Systems running the 24H2 or 25H2 releases and affected Windows Server 2025 builds were impacted. If your device failed to accept USB keyboard or mouse input while in WinRE after recent monthly security updates, you fall into the affected group.

Which build numbers reflect the fix?

After installing the patch, 25H2 builds move to 26200.6901 and 24H2 builds move to 26100.6901. Confirm the build in Settings > System > About to verify the update applied successfully.

What caused the problem in the first place?

The issue originated from a security update released October 14, 2025 (KB5066835), which inadvertently interfered with USB input handling inside WinRE. Registry and driver interactions in that rollup caused keyboards and mice to become nonfunctional in the recovery environment.

Are there related problems we should watch for?

Yes. Some environments reported smart card and cryptographic service provider (CSP) failures in legacy 32-bit apps. Microsoft also issued guidance affecting registry settings. Administrators should review related advisories for potential impacts on legacy components and serialization libraries.

How will the patch be delivered to devices?

Microsoft released KB5070773 as an out-of-band security rollup. Most consumer and business devices will receive it automatically via Windows Update. Managed environments can push it through their update tools once Microsoft publishes it to WSUS or Windows Server Update Services.

How can I manually check for and install the patch?

Go to Settings > Windows Update and select Check for updates. If the cumulative fix is available, follow prompts to download and install. Reboot as required to complete the upgrade and restore input support in WinRE.

My PC won’t boot and USB input doesn’t work. What are my options?

If WinRE won’t accept USB keyboard or mouse input, try the touchscreen keyboard (on touch devices), attach PS/2 peripherals if supported, or boot from a USB recovery drive created on another system. These paths can let you access repair tools or install the patch offline.

What should enterprises and OEMs do if recovery options fail?

Enterprise teams should use PXE deployments with Configuration Manager, boot images built with ADK and WinPE, or mount updated WinRE images that include the patch. Ensure deployment images and recovery media are refreshed promptly to restore navigation and input support.

Does this patch address other security issues such as WSUS RCE or legacy risks?

KB5070773 specifically targets the WinRE input regression. Microsoft has issued separate advisories and patches for WSUS remote code execution and legacy serialization vulnerabilities (for example CVE-2025-59287). Review Microsoft security guidance to ensure all relevant fixes are applied.

How can IT teams verify the fix after deployment?

Verify device build numbers match the patched versions (26200.6901 or 26100.6901), then boot into WinRE and confirm keyboard and mouse respond. Check update histories in management consoles and validate recovery media contain the updated WinRE image.

Where can Canadian users download and install the patch?

Canadian users should use Windows Update or their enterprise update channel. Microsoft Update Catalog and official Microsoft support pages also host the standalone package for manual download. Follow standard IT change controls when installing on production systems.

What immediate steps should organizations take to reduce disruption?

Prioritize applying the patch across critical systems, refresh recovery images and USB media, and test WinRE navigation on representative devices. Communicate guidance to helpdesk staff on alternative input methods and recovery procedures until environments are fully updated.
Picture of Matthew Goodchild
Get In Touch
We believe that IT shouldn’t be a pain for you.
Contact Us