In recent days, reports have surfaced regarding a critical bug in the Windows Recovery Environment (WinRE) that renders USB devices non-functional. Microsoft has already issued a patch for this specific issue, but now it has also addressed another significant problem impacting multiple versions of Windows.
According to Microsoft’s Windows Release Health dashboard, a fix is available for a smart card authentication issue that arose following the installation of October 2025’s Patch Tuesday updates. Post-update, numerous users encountered errors linked to smart card recognition and certificate-related functions. Applications relying on certificate-based authentication began failing, displaying Event ID 624 in the system event log along with messages citing "invalid provider type specified" and "CryptAcquireCertificatePrivateKey error".
Microsoft has acknowledged that this issue stems from a recent Windows update that necessitates the use of the Key Storage Provider (KSP) rather than the Cryptographic Service Provider (CSP) for RSA-based smart card certificates. This change was made to bolster security.
However, the resolution will not be delivered via a standard Windows Update. It requires manual modification of a Windows Registry value, which introduces a risk of system instability if done incorrectly. If you feel confident about proceeding, here are the steps you need to follow:
- Open Registry Editor: Press Win + R, type
regedit, and hit Enter. Confirm any User Account Control prompts. - Navigate to the subkey: Path to follow is
HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyCalais. - Edit the key and set the value: Within Calais, check if the key
DisableCapiOverrideForRSAexists. Double-click it and set the value data to:0. - Close and restart: Exit Registry Editor and restart your computer for the changes to take effect.
This bug has affected Windows 11 (versions 25H2, 24H2, 23H2, 22H2), Windows 10 (version 22H2), and various Windows Server versions including 2025, 23H2, 2022, 2019, 2016, and 2012 R2.