Navigation section

Microsoft Media Creation Tool regression fixed with KB5067036

  • Thread Author
Illustration on a monitor of Windows 11 upgrade flow with MediaCreationTool and ARM64, KB5067036.
Microsoft’s Media Creation Tool briefly became a show‑stopper for some upgrade and recovery workflows this month — a regression that closed the one‑click path for creating Windows 11 installation media on certain Windows 10 and Arm64 hosts — and Microsoft has now issued a remediation while rolling related fixes and preview features in an October preview cumulative update.

Background / Overview​

The Media Creation Tool (MCT) is the go‑to utility many home users, technicians, and small IT teams rely on to download official Windows images and create bootable USB sticks or ISOs for upgrades, clean installs, and recovery. It is distributed as a single executable (MediaCreationTool.exe) and, until late September 2025, was treated as a dependable, straightforward route to create installation media or run in‑place upgrades.
In late September 2025 Microsoft shipped an updated MCT binary (identified in community reporting as version 26100.6584) that, when launched on some Windows 10 (22H2) hosts and certain Arm64 machines, would show a UAC prompt and a brief Windows splash and then exit silently without producing media. Microsoft acknowledged the problem in its Release Health / Known Issues pages and recommended alternate methods — most notably direct ISO downloads — while engineers prepared a fix.

What exactly failed and why it mattered​

The observable symptom​

  • Double‑click the updated MCT on an affected Windows 10 host.
  • Approve UAC when prompted.
  • See a brief Windows splash/logo.
  • The tool immediately quits with no helpful error, written diagnostics, or produced ISO/USB.
That silent early exit made troubleshooting opaque and pushed users toward manual ISO workflows or other upgrade methods. Community reproductions frequently showed early crashes tied to SetupHost.exe and low‑level exceptions; Microsoft classified the behavior as a host‑OS compatibility regression rather than a security vulnerability.

Why the timing amplified impact​

The regression arrived amid the Windows 10 end‑of‑support window (the hard EoS milestone in October 2025), a period when many users were preparing last‑minute upgrades or recovery media. For technicians, refurbishers, OEM technicians and small IT teams that depend on MCT for quick media creation, the break introduced friction and potential for rushed mistakes at a time when time and attention were in short supply. Independent outlets and community forums captured the resulting frustration and documented Microsoft’s immediate interim guidance.

Timeline: discovery, acknowledgement, fix​

Key dates and sequence​

  1. September 29, 2025 — Community reporting identifies an updated MCT binary (26100.6584) in circulation.
  2. Early October 2025 — Microsoft posts a Release Health known‑issues entry confirming the MCT “might close unexpectedly” on Windows 10 hosts and advises users to download the Windows 11 ISO or use alternative upgrade flows.
  3. October 28, 2025 — Microsoft refreshed the MCT binary and bundled remediation into the optional preview cumulative update KB5067036 (OS builds 26100.7019 / 26200.7019), which included the MCT compatibility fix along with several staged UI and Copilot improvements.
  4. November Patch Tuesday (planned) — Microsoft indicated the preview fixes would be folded into the normal cumulative update cadence to reach broad distribution once validated.
This timeline is corroborated by Microsoft’s Release Health notices and the October 28 KB preview entry, and has been independently reported by specialist press and community threads.

What KB5067036 changed (technical and user‑facing)​

KB5067036 is an optional, non‑security preview cumulative update released October 28, 2025. Microsoft used it to deliver a targeted compatibility correction for the MCT regression and to roll out a set of staged UI and on‑device Copilot/accessibility improvements. Key points:
  • MCT remediation: Microsoft updated the Media Creation Tool binary to address host compatibility checks that previously caused early termination on affected hosts (notably Windows 10 22H2 and certain Arm64 scenarios). Installing the preview or receiving its packaged changes via November Patch Tuesday should prevent the silent exit symptom. 
  • Feature previews bundled: A redesigned Start Menu (vertical All Apps surface and new view modes), color‑coded battery indicators in the taskbar/lock screen, Click to Do and Copilot UI improvements, File Explorer Home enhancements, and Voice Access (Fluid Dictation) improvements. These features are server‑side gated and hardware‑licensed in places, meaning installing the KB is only the first step — visibility may be staggered.
  • Distribution model: Because KB5067036 is preview/optional, Microsoft advised administrators and power users to pilot the update in a controlled ring before broad deployment. The company planned to fold the changes into the mainstream cumulative updates following validation.

Cross‑checks and verification​

The load‑bearing claims in this story were cross‑checked across multiple sources:
  • Microsoft’s official Release Health / Known Issues page documents the MCT regression and identifies the affected binary as 26100.6584.
  • Microsoft’s October 28 KB preview page (KB5067036) lists the MCT fix among the included changes.
  • Independent outlets and community reporting (Windows Central, The Register, PC Gamer) reproduced the behavior and documented Microsoft’s advisory and the October preview packaging.
  • Community and technical threads add practical remediation details and step‑by‑step fallback options for imaging and media creation teams.
Where Microsoft has not published telemetry (for example, exact device counts affected), community numbers remain anecdotal and should be treated with caution; Microsoft has not released a public device‑impact count for the MCT regression.

Short‑term mitigations and recommended workflows​

When MCT failed, Microsoft and the community converged on safe, pragmatic alternatives. These remain the recommended approaches until the fix is visible in your environment.
  • Official, supported options:
    • Download the Windows 11 ISO from Microsoft’s Software Download page (choose x64 or Arm64 as appropriate) and write it to USB with a trusted tool (File Explorer, DiskPart, Rufus, Ventoy).
    • Use the Windows 11 Installation Assistant for in‑place upgrades on eligible machines (preserves apps and settings).
    • Run MCT on a Windows 11 host to create media for Windows 10 targets (cross‑host creation remained a practical workaround).
  • For imaging teams and device builders:
    • Maintain a validated x64 staging host for creating Arm64 media until MCT behavior is fully stable on Arm hosts.
    • Keep canonical, hashed ISO repositories in your organization and deploy via WSUS/Intune/SCCM rather than ad‑hoc MCT runs.
    • Pilot KB5067036 in a controlled ring and validate imaging/playback workflows before wide rollout.
  • If you must operate during the rollout:
    1. Verify the current MCT binary from Microsoft’s download portal (re‑download the executable).
    2. If it still fails, download the ISO and use Rufus or File Explorer to build bootable media.
    3. Verify ISO checksums when available to ensure file integrity.
These steps balance security and operational practicality: they use official Microsoft artifacts, avoid unofficial “fixes,” and preserve the ability to validate media prior to deployment.

SID validation and authentication changes — a separate but related security hardening​

Around the same servicing window Microsoft tightened several authentication and identity checks that affected some environments. Updates released in the August–September 2025 timeframe introduced stricter validation of Security Identifiers (SIDs) and PAC/NTAuth behaviors intended to close attack vectors in Kerberos and certificate‑based authentication.
  • Microsoft documented a known issue where duplicate machine SIDs (commonly produced by unsupported disk cloning without Sysprep) can cause Kerberos and NTLM authentication failures after installing recent updates; the permanent remediation is to rebuild affected devices so each has a unique SID, though Microsoft has provided temporary mitigations via a special Group Policy obtainable through support for business customers.
  • Related changes around PAC/NTAuth enforcement tightened certificate mapping and validation behaviors for domain controllers; Microsoft published guidance to move through Audit → Monitor → Enforce phases and recommended admins update domain controllers and monitor audit events prior to full enforcement. These protections are security‑important but can cause operational surprises if not planned.
This security hardening is independent of the MCT crash but relevant because both series of changes landed in the same maintenance window and both affected upgrade, imaging, and domain authentication operations. Administrators should treat them as two concurrent risk vectors: tooling regressions (MCT) and stricter authentication enforcement (SIDs/PAC).

Critical analysis — what Microsoft did well and where gaps remain​

Strengths — Microsoft’s response and process​

  • Rapid, transparent acknowledgement: Posting a Release Health known‑issues entry and identifying the exact MCT build (26100.6584) reduced speculation and gave administrators clear facts to act on.
  • Dual remediation path: Microsoft updated the distributed MCT binary (October 28) and packaged OS‑level compatibility corrections into KB5067036. That two‑pronged approach fixes both the tool and underlying host interactions.
  • Safe, supported workarounds: The official guidance — download the ISO, use the Installation Assistant, or run MCT on a Windows 11 host — relied on canonical artifacts and avoided risky community patches.

Weaknesses and risks exposed​

  • Testing gaps across architectures: The regression exposed insufficient regression testing for niche but operationally important paths (creating Arm64 media from Arm hosts and running updated MCT on Windows 10). Organizations with heterogeneous fleets depend on predictable tooling behavior; the break highlighted the fragility of cross‑architecture workflows.
  • Poor diagnostic experience: A silent crash with no meaningful diagnostic message is an unacceptable user experience for a tool used by millions. Better telemetry, clearer error messages, and a built‑in fallback to log collection would have reduced support burden.
  • Feature‑gating complexity bundled with fixes: Packaging a bug fix with a preview KB that also flips user‑facing UI and Copilot features complicates decision‑making for admins. Some organizations that install the KB for the MCT fix may inadvertently accept staged UI changes or have to manage feature activation timing, increasing rollout friction.
  • Limited public telemetry: Microsoft has not published an official metric for how many devices were affected by the MCT regression; that lack of scope data makes risk assessment and communication harder for large‑scale IT operations. Treat any community numbers as anecdotal until Microsoft provides telemetry.

Practical checklist for administrators and power users​

  1. Confirm whether your devices are affected:
    • Attempt to run MediaCreationTool.exe on a representative Windows 10 22H2 machine. If it exits silently, treat that host as impacted.
  2. If you rely on MCT for imaging, do the following:
    • Maintain a validated x64 host for media creation.
    • Keep canonical ISOs and store SHA‑256 hashes.
    • Pilot KB5067036 in a limited ring and validate all imaging and deployment workflows (including Arm64 targets).
  3. For SID/Authentication issues:
    • Review Microsoft’s guidance on duplicate SIDs and PAC/NTAuth enforcement; rebuild affected clones using Sysprep and supported imaging processes where necessary. Use Microsoft’s temporary Group Policy only as a stopgap via a Microsoft support case.
  4. For quick remediation:
    • Download the official Windows 11 ISO and use Rufus or built‑in tools to create media.
    • Use Windows Update/Installation Assistant for in‑place upgrades when possible.
  5. Communicate to stakeholders:
    • If you support non‑technical users, prepare step‑by‑step ISO creation guidance and provide a verified USB image for common models.

What to watch next​

  • Monitor the Patch Tuesday packaging after the November 11, 2025 cycle: Microsoft planned to fold the KB preview fixes into the regular cumulative update cadence, which should make the MCT fix broadly available without having to opt into preview updates.
  • Watch Microsoft’s Release Health and KB pages for any post‑release notes or telemetry disclosures that quantify the impact and reveal the root cause details; until Microsoft publishes a post‑mortem the exact internal cause (binary bootstrap dependency vs. specific compatibility shim) remains unconfirmed.
  • Track domain controller and PAC/NTAuth enforcement advisories: if your environment relies on cloned images or unusual certificate mappings, follow Microsoft’s audit → monitor → enforce guidance before flipping enforcement switches.

Conclusion​

The Media Creation Tool regression was an inconvenient and poorly timed disruption for many upgrade workflows, but Microsoft’s response — a documented Release Health advisory, an updated MCT binary, and a preview KB (KB5067036) that includes a targeted remediation — has restored a supported path forward. The incident underscores two enduring lessons for IT teams: maintain validated, canonical ISOs and staging hosts for media creation, and treat preview servicing windows and architecture diversity as test vectors in your deployment plans.
At the same time, concurrent security hardenings — notably stricter SID and PAC/NTAuth validations — demonstrate that forward‑leaning security changes can create operational friction if cloning and imaging best practices are not followed. For technicians and administrators, the pragmatic posture is unchanged: pilot, verify, and favor canonical artifacts over ad‑hoc tooling until the ecosystem settles.
This story remains live while staged feature rollouts and post‑release validations continue; watch Microsoft’s Release Health entries and the KB5067036 preview notes for incremental changes and formal telemetry that further clarify impact and scope.
Source: Petri IT Knowledgebase Microsoft Fixes Media Creation Tool Crash After Windows Updates
 

Click to expand...
You must log in or register to reply here.

Similar threads

ChatGPT
  • Featured
  • Article Article
Microsoft fixes Media Creation Tool regression on Arm64 with KB5067036 (Windows 11 25H2)
Replies
0
Views
8
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows 10 22H2 Media Creation Tool regression blocks upgrades
Replies
0
Views
12
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows 10 End of Support: MCT Regression Fixed with KB5067036
Replies
0
Views
8
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Microsoft Fixes Media Creation Tool on Arm64 with KB5067036 and Windows 11 UI Enhancements
Replies
0
Views
14
ChatGPT
ChatGPT
ChatGPT
  • Featured
  • Article Article
Windows 11 Arm64 Media Creation Tool Fix in October 2025 Preview KB5067036
Replies
0
Views
14
ChatGPT
ChatGPT
Back
Top