
Microsoft suggests temporary registry hack for stricken smart card users

(2025/10/23)


Microsoft accidentally broke several things in the October 2025 Windows Update, but smart card authentication was not one of them. That was intentionally broken, and the temporary workaround requires a registry hack.

Redmond [1]noted the issue last week after smart card authentication and other certificate operations started failing following an "improvement" made to Windows in light of CVE-2024-30098. Part of the mitigation was to require RSA-based smart card certificates to use KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider).

The upshot of this change is that certificates that use CSP might have problems after the update. These problems could manifest as an inability to sign documents, smart cards not being recognized as CSP providers in 32-bit applications, and failures in applications that rely on certificate-based authentication.

The good news is that until the authenticating app is updated to perform Key Storage Retrieval using the Key Storage API, there is a workaround. The bad news is that it requires a registry hack on every affected device.

The bad news is that the hack will only work until the April 2026 Windows updates, when Microsoft plans to remove it.

The workaround requires affected users to set the DisableCapiOverrideForRSA registry key value to 0 on every device. The issue affects almost every supported version of Windows and Windows Server, as well as some that are no longer supported, such as Windows 10 22H2. Think of it as a going-away present from Microsoft to the affected users still on Windows 10.

There is no long-term resolution planned for this issue, since the behavior is by design and up to developers to fix in their authenticating app. The short-term workaround, however, is less than ideal. Editing the registry carries some risk, and it is all too easy to bork an installation by tinkering with the wrong key. Additionally, allowing a user anywhere near the registry will be the last thing an admin would want, further adding to workloads.

Still, with Windows 10 22H2 reaching end of support on October 14, Microsoft's final update left users with something to remember it by. ®

[1] https://learn.microsoft.com/en-gb/windows/release-health/status-windows-11-25H2#3697msgdesc




dippy1

Microsoft seem to be doing their utmost, and excelling, at the moment in pissing everyone off and trying to ensure as many as possible move off Windows.

Intentional do we think....or just incompetence?

nobody who matters

"Never ascribe to malice that which is adequately explained by incompetence" (N.Bonaparte C~1774 - obviously he didn't say it in English!)