KB5065790 Windows 11 23H2 Preview: Reliability Fixes Ahead of EOL

Microsoft has released the optional, non‑security preview update KB5065790 for Windows 11 version 23H2, a compact cumulative focused on reliability fixes rather than new features — and it lands at a time when 23H2 is weeks away from end‑of‑service for consumer editions.

Background / Overview​

Windows 11 23H2 (build 22631 family) shipped in October 2023 and is scheduled to reach end of updates for Home and Pro editions on November 11, 2025. That lifecycle milestone means consumers still on 23H2 must plan to upgrade to a supported build (24H2 or later) to keep receiving security updates. Microsoft’s lifecycle page and related communications make this EOL date explicit.
KB5065790 is an optional preview (a “C” release) published in late September 2025 and targeted at Release Preview / Insider channels and administrators who want to test fixes before they are folded into the next Patch Tuesday rollup. The package contains quality improvements and a short list of fixes that address a handful of real‑world reliability problems affecting WWAN/eSIM sign‑in flows, multi‑monitor Remote Desktop sessions, certain IME rendering issues, Edge in Internet Explorer compatibility scenarios, shared‑printer UI crashes, and a small system service metadata correction. Those details appear in Microsoft’s Windows Insider release notes for the build(s) associated with this KB.

---

What KB5065790 actually fixes​

The update is deliberately small in scope — this is not a feature update. The headline fixes are:

• Authentication (SIM PIN sign‑in freeze): Resolves an issue where the Windows sign‑in screen could stop responding after a user entered a SIM PIN while signing in on devices using mobile broadband (WWAN/eSIM). This could leave field devices and cellular laptops stuck at the sign‑in prompt.
• Display / RDP (multi‑monitor docking disconnect): Fixes an issue where a Remote Desktop Protocol (RDP) session using multiple monitors could cause the system to unexpectedly shut down when a docking station or monitor was disconnected during streaming.
• Input / Chinese IME rendering: Corrects cases where some Chinese characters didn’t render properly or appeared as empty boxes in specific text fields, including certain management tools.
• Browser / Internet Explorer mode in Edge: Addresses a hang or stop‑responding behavior when Microsoft Edge was run in IE‑compatibility mode and encountered certain same‑domain redirects.
• Printer UI crash: Fixes an issue where viewing the print queue for a shared printer in Settings could crash the Print Queue UI.
• COSA / carrier profiles: Updates Country and Operator Settings Asset (COSA) profiles for some mobile operators to ensure provisioning and connectivity behave as expected.
• System service metadata: Corrects the McpManagement service display so it shows an expected description instead of appearing blank.

These corrections are the kinds of reliability wins that reduce helpdesk tickets and field outages — especially for mobile users, docked laptop fleets, RDP farms, and environments using East Asian input methods. WindowsLatest’s coverage of the patch summarizes the same changes and provides direct download guidance for those who prefer offline installers.

---

Build numbers, channels, and platforms — what to expect​

Microsoft maintains parallel servicing families for Windows 11 (the “feature‑off” and “feature‑on” lines). This KB is associated with builds in those families. The Windows Insider blog lists Build 22631.5982 (KB5065790) for the Release Preview channel on 23H2, while other shared artifacts and catalog entries show the related 22621 family variant (for non‑feature builds). In practice, you may see slightly different build suffixes depending on whether your device is on the 22631 or 22621 baseline; both represent the same quality patch layered onto the appropriate branch.
Key operational points:

• The preview update is manual by default — it will not automatically install on production devices that do not accept preview updates.
• Microsoft often packages the latest Servicing Stack Update (SSU) together with the Latest Cumulative Update (LCU) in combined MSU packages. That means the offline package you download may include both SSU and LCU components. Be mindful that once the SSU portion is installed, you cannot remove the SSU; only the LCU can be removed via DISM if needed.

---

The SMBv1 problem and how KB5065790 fits into the bigger picture​

September 2025’s security rollup introduced an unexpected connectivity regression for legacy SMBv1 over NetBIOS (NetBT) scenarios: devices that rely on SMBv1 and NetBT could find they could not connect to shared files and folders after installing the September security updates. Microsoft recognized the issue and published guidance/workarounds (for example, switching to TCP/445). KB5065790’s preview includes a targeted mitigation for the SMBv1/NetBT connectivity problem on 23H2, addressing that specific regression for affected clients. Independent reporting and expert blogs that track Microsoft’s servicing activity noted this fix and the Microsoft service alert that accompanied it.
Caveat and practical guidance:

• SMBv1 is deprecated and insecure. The most robust course is to migrate devices and appliances away from SMBv1 to SMBv2/SMBv3 (or modern protocols and appliances that support them).
• If migration is not immediately feasible, the documented workaround — allowing traffic on TCP port 445 so connections fall back to direct SMB over TCP rather than NetBT — is a pragmatic stopgap while testing patches. Microsoft’s KB pages and follow‑ups call this out explicitly.

---

How to get KB5065790: Windows Update, Update Catalog, and manual install​

For most users on the Release Preview ring or for administrators piloting fixes, there are two primary ways to obtain KB5065790:

• Use Settings > Windows Update and choose to download the optional preview. This is the simplest approach for devices already configured to receive preview or optional updates.
• If Windows Update fails or you prefer an offline installer, download the .msu package from the Microsoft Update Catalog and apply it manually. The Update Catalog shows packages for each architecture (x64, Arm64) and will provide the .msu file(s) for download. Once downloaded, you can double‑click the .msu to run it, or use command line options for silent install and image servicing.

Recommended manual install steps (concise):

• Confirm Windows version and architecture: run winver and verify you are on Windows 11 23H2 (22631.x series) or the expected baseline.
• Download the matching .msu from the Microsoft Update Catalog.
• (Optional) Verify file integrity: Get‑FileHash -Path C:\Path\to\file.msu -Algorithm SHA256.
• Install with elevated permissions:
• Interactive: double‑click the .msu and follow prompts.
• Quiet: wusa.exe C:\path\to\windows11.0-kb5065790-x64.msu /quiet /norestart
• For image servicing: DISM /Online /Add‑Package /PackagePath:C:\path\to\windows11.0-kb5065790-x64.msu
• Reboot if prompted and confirm the new build via winver.

Important note about rollbacks:

• Because combined SSU + LCU packages are common, uninstalling the package is not as simple as running wusa /uninstall; the SSU persists. If you need to remove the LCU, DISM /Remove‑Package is the supported path and you should maintain recovery images and a rollback plan. Administrators should pilot updates and validate rollback procedures before broad rollout.

---

Out‑of‑band (OOB) activity for 24H2 and related patches​

Alongside KB5065790 for 23H2, Microsoft released an Out‑of‑Band update for Windows 11 version 24H2 (KB5068221) on September 22, 2025. That OOB targeted a discrete, high‑impact compatibility problem where Microsoft Office apps running under Microsoft Application Virtualization (App‑V) could fail because of a double handle closure in the AppV subsystem; KB5068221 addresses that App‑V issue and also bundles an SSU. The OOB also documents the SMBv1 connectivity symptoms and the TCP/445 workaround. This shows Microsoft’s pattern: simultaneous small, focused updates across multiple versions to address distinct regressions surfaced by the September servicing window.
WindowsLatest’s early reporting suggested the 24H2 OOB excluded the SMB protocol fix, but Microsoft’s own KB for KB5068221 documents the SMBv1 symptoms and the workaround, and it confirms the OOB’s App‑V focus — making the WindowsLatest characterization incomplete. Where vendor write‑ups differ from Microsoft’s KBs, rely on the official Microsoft support page for the final technical scope.

---

Who should install KB5065790, and when​

This update is optional and intended primarily for:

• Mobile / WWAN device users experiencing the SIM PIN sign‑in freeze.
• Enterprises with docked laptops or RDP multi‑monitor farms affected by the disconnect/shutdown bug.
• Organizations using legacy SMBv1 devices that were impacted by the September security rollups and need an immediate mitigation for NetBT connectivity after testing.
• IT teams evaluating fixes before monthly Patch Tuesday rollouts.

Recommended deployment approach:

• Pilot first. Test on a representative set of endpoints for 48–72 hours, exercising SIM sign‑in, docking/undocking, RDP multi‑monitor, IME scenarios, printing, and any specialized business apps.
• Collect logs. Monitor Windows Update logs, Application and System event logs, and app crash telemetry to detect any regressions.
• Have rollbacks & images ready. Because SSUs persist, be prepared to restore images if major regressions appear.
• Plan upgrades away from 23H2. For Home/Pro devices, schedule migration to 24H2 or later before November 11, 2025 to remain in the security servicing stream.

---

Strengths, limitations, and risk assessment​

Strengths

• Targeted, high‑impact bug fixes. The patch corrects issues that can prevent sign‑in, cause unexpected shutdowns, or break widely used workflows such as printing and IE‑mode compatibility. These are concrete reliability improvements for the right user cohorts.
• Accessible manual installs. The Microsoft Update Catalog provides .msu offline installers for controlled deployments and air‑gapped scenarios.

Limitations and risks

• Optional preview patches can expose regressions. Because these updates are meant for pre‑release testing, they carry a small chance of introducing new problems on certain hardware or driver stacks (display drivers, docking firmware, WWAN vendor software).
• Combined SSU + LCU packages complicate rollback. The SSU portion cannot be removed once installed; administrators must plan recoveries using system images or DISM procedures for the LCU.
• SMBv1 legacy dependencies remain fragile. Even with fixes, environments relying on SMBv1 are at operational and security risk — migration to modern SMB versions is the correct long‑term solution.

Unverifiable or speculative claims

• Coverage suggesting KB5065790 will force or dramatically accelerate upgrades to 24H2 is speculative. While the EOL deadline and the patch cadence make upgrades sensible, user decisions are influenced by many factors (app compatibility, hardware drivers, enterprise policies). Treat such claims as probable but not guaranteed.

---

Practical checklist for home users and IT admins​

• Verify current Windows build: run winver and confirm your version baseline (22631.x for 23H2).
• Back up critical data or create a system image before applying optional preview updates.
• If you rely on WWAN/eSIM sign‑on, test SIM PIN sign‑in after installing the patch on one or two devices.
• For docked laptops and RDP environments, test multi‑monitor disconnect scenarios and ensure display drivers and docking firmware are updated.
• If your environment uses SMBv1, create a migration plan — use the TCP/445 workaround only temporarily and put SMBv1 migration on the schedule.
• When distributing via Update Catalog, verify SHA‑256 hashes if available and record package names and build numbers for inventory.

---

Final assessment and what comes next​

KB5065790 is a small, focused quality update that addresses practical, user‑facing reliability problems rather than delivering new consumer features. For users and admins affected by the described issues — particularly those using WWAN/eSIM sign‑in, docked laptops, multi‑monitor RDP setups, or legacy SMBv1 networks — the patch is a worthwhile test candidate ahead of the next monthly rollup. For everyone else, the update is optional and the fixes will be included in upcoming scheduled cumulative updates, so conservative admins can wait for the regular Patch Tuesday delivery.
Microsoft simultaneously iterated on other servicing lanes (for example, the 24H2 out‑of‑band KB5068221 addressing App‑V Office issues), underscoring a larger reality: September’s security rollups exposed a few legacy compatibility regressions that Microsoft is actively mitigating across versions. Administrators should prioritize staging and testing, maintain recovery images, and accelerate migration away from deprecated technologies (SMBv1) to reduce exposure to both reliability and security faults.
For readers wanting the short operational next step: if you are affected by any of the symptoms described (SIM sign‑in freeze, RDP shutdown on dock disconnect, IME problems, printing UI crash), download KB5065790 from Windows Update or the Microsoft Update Catalog and pilot it on representative devices — but do it with backups and a rollback plan in place.

---

KB5065790 is not a headline feature update — it’s the sort of quiet engineering effort that keeps devices usable. Applied selectively and tested correctly, it will reduce a specific set of support incidents in the weeks before 23H2’s consumer servicing window closes; applied blindly on unmanaged fleets, it carries the usual preview‑update caveats. The sensible path is measured adoption: pilot, validate, then expand.

---

Source: Windows Latest Windows 11 KB5065790 23H2 released, direct download links (.msu)