Windows 11 2025 Update Breaks Protected EVR Playback (KB5065789 Fix)


Microsoft confirmed that its September 2025 cumulative update for Windows 11, identified as KB5065426 (and preceded by the August preview KB5064081), introduced a regression that breaks playback of certain HDCP- and DRM‑protected video streams in legacy playback apps — notably those that use the Enhanced Video Renderer (EVR) with HDCP enforcement or platform DRM for digital audio — and that a targeted fix has been staged through the Release Preview channel while a broader rollout is prepared.

Background

The problem traces to two servicing packages released in late summer 2025. Microsoft published the optional August preview update KB5064081 on August 29, 2025, and the September cumulative update KB5065426 on September 9, 2025. Within days of the September rollup rolling out, users and OEM / media‑software vendors began reporting playback failures when attempting to use digital‑TV tuner software, Blu‑ray and DVD player applications, and some broadcast capture tools that rely on legacy pipelines. By mid‑September the issue had been acknowledged via Microsoft’s support and Release Health channels and documented across multiple trade and community outlets. On September 17, 2025 Microsoft staged a targeted remediation to the Release Preview channel (KB5065789) aimed at restoring protected playback for affected apps while broader distribution work continued.
This is not a streaming / CDN outage. The regression is specific to protected playback pipelines that depend on the operating system’s protected rendering path — the coordinated handoff between the media framework, drivers and the GPU that ensures decrypted frames are never deposited into ordinary process memory. Modern streaming services that use their own app‑level DRM and rendering paths (for example, UWP/WinUI Media Foundation clients or browser‑based Widevine/PlayReady flows) reported no interruption.

What exactly is breaking — symptoms and scope

Symptoms seen by users

  • Copyright or content protection errors reported by playback applications immediately after attempting to start a title.
  • Playback that starts but is repeatedly interrupted with "protection" or device output errors.
  • Black screens (audio only) or frozen video frames while audio continues.
  • Complete failure to render video with no obvious error dialog in some apps.
  • Some reports of failure only when external displays or capture devices were attached; others reported failures on internal panels.

Which applications and hardware are affected

  • Third‑party Blu‑ray/DVD players that still use DirectShow / EVR pipelines.
  • Digital TV / broadcast tuner applications and capture/recording software built on older DirectShow or Media Foundation EVR sinks with HDCP enforcement.
  • Some capture device workflows that require a secure path (for example, protected tuner cards or set‑top capture devices).

What is not affected

  • Most mainstream streaming services and app‑managed DRM flows (Netflix, Disney+, and similar) that use modern Media Foundation or browser‑based DRM were reported to be unaffected.
  • Content that is not DRM or HDCP protected continues to play normally.
The practical result: users of physical‑media playback and some broadcast/tuner workflows lost the ability to view legitimately‑purchased, licensed, or broadcast content on affected machines until a fix is installed or the patch is rolled back.

Technical explanation: EVR, protected rendering, HDCP and DRM

To understand why a cumulative OS update can block playback, it helps to unpack the components involved.

Enhanced Video Renderer (EVR)

  • EVR is a legacy Windows component used by DirectShow and some Media Foundation paths to render video frames to the screen. It was designed to create a secure, composited Direct3D surface for video presentation and to cooperate with Windows’ protected media pipeline.
  • Microsoft documents EVR as a legacy renderer that has been largely superseded by the Simple Video Renderer (SVR) and newer Media Foundation APIs, but many existing players and broadcast/capture applications still rely on EVR for compatibility with DirectShow filters and older plug‑ins.

Protected rendering path and DRM

  • When content is protected by DRM (PlayReady, Widevine, AACS for Blu‑ray, etc.), the media framework and the GPU drivers establish a trusted rendering path so decrypted frames are presented only to secure Direct3D surfaces. This prevents the decrypted pixels from being copied into ordinary system memory or captured by software.
  • If any link in that chain — the application API, the OS media framework, drivers, or the monitor/display output negotiation — indicates an inconsistency, the playback framework fails closed to avoid exposing protected content.

HDCP

  • High‑bandwidth Digital Content Protection (HDCP) is a link‑level protocol enforced over HDMI/DisplayPort (and historically DVI). It performs a cryptographic handshake between the source (PC/GPU) and sink (monitor/TV) and, when negotiated successfully, permits secure transmission of high‑value content.
  • HDCP is distinct from DRM but complementary: DRM controls license/usage rules, while HDCP enforces output restrictions to external sinks.

Why an OS patch can stop playback

  • The Windows media stack, drivers and GPU firmware negotiate a secure chain for protected content. Changes to any of these control points — including what Microsoft ships in a cumulative update — can alter timing, handshake semantics, or interface expectations.
  • The August and September servicing updates changed behavior that the EVR + HDCP + platform DRM chain expected, causing third‑party players that rely on the legacy path to detect an integrity problem and block rendering.

Microsoft’s response and remediation timeline

  • August 29, 2025 — Microsoft released the optional preview update KB5064081 (identified as the earlier event that introduced the regression).
  • September 9, 2025 — Microsoft released the cumulative update KB5065426 (OS Build 26100.6584) to broad audiences via Patch Tuesday. Community reports of DRM/HDCP playback failures amplified after this rollup carried forward the prior change.
  • Mid‑September 2025 — Microsoft acknowledged the issue via its support channels and Windows Release Health messaging, confirming that some Digital TV and Blu‑ray/DVD applications might experience playback failures after installing KB5064081 or later updates.
  • September 17, 2025 — Microsoft began staging a targeted remediation to the Release Preview channel (builds distributed as KB5065789 / builds 26100.6718 / 26200.6718). The Release Preview notes explicitly stated the update "addresses an issue that affects playback of protected content in certain Blu‑ray, DVD, and digital TV apps" — indicating a surgical fix targeted at the regression.
  • Microsoft’s public guidance at the time advised impacted users to monitor Windows Update for hotfixes and to delay installation of the affected updates if protected playback was critical to their environment.
Note: Microsoft’s approach was targeted — they staged a fix in Release Preview rather than broad rollback. That allowed testing and validation on a controlled flight before wider distribution.

Practical mitigation: what affected users can do now

If you rely on physical media playback or tuner software and saw problems after the August/September updates, here are practical, tiered steps to mitigate while awaiting an official wide release:
  1. Confirm the timing
    • Check whether playback problems began immediately after installing an update dated August 29 or September 9, 2025 (KB5064081 or KB5065426). If so, the correlation is strong.
  2. Check Microsoft’s update channels
    • Look for a Release Preview or hotfix entry in Windows Update; Microsoft staged KB5065789 to Release Preview on or about September 17, 2025. If you participate in Insider Release Preview and your device is eligible, that build will contain the targeted fix.
  3. Short‑term rollback (desktop / power‑users)
    • Create a full system restore point or a disk image before taking action.
    • Uninstall the problematic LCU using the Windows Update uninstall or DISM / Remove‑Package methods, or via the wusa command (for example: wusa /uninstall /kb:5065426). Note that if the combined package includes an updated servicing stack update (SSU), a simple wusa uninstall may not always fully remove all components; follow Microsoft guidance and, if needed, consult the "remove the LCU" instructions in the KB article.
    • After rollback, reboot and verify playback. If problems persist, consider an earlier system restore point.
  4. Driver rollback
    • If you updated GPU drivers around the same time, try a driver rollback to the prior stable version. Some playback paths are sensitive to GPU driver + OS combinations. Reinstall the manufacturer driver from the vendor’s site (NVIDIA/AMD/Intel) if rollbacks fail.
  5. Application updates / alternate players
    • Check whether your Blu‑ray or tuner application vendor has issued an update or specific guidance. Many vendors publish compatibility notes or patched builds for scenarios like this.
    • If the application supports multiple renderers, configure it to use a modern Media Foundation path or Simple Video Renderer (SVR) if available, but be aware that not all legacy players expose that option.
  6. Avoid risky moves on production machines
    • Don’t join the Release Preview on production or production‑adjacent media centers without testing; Release Preview builds may contain other pre‑release changes. If you choose to test KB5065789 on a representative machine, verify playback thoroughly first.
  7. When in doubt, wait for the official push
    • If playback is not critical right now, delaying the affected OS updates until Microsoft confirms the fix in the general release channel is the safest path.
Caveat: Uninstalling cumulative updates can carry side effects; risk tolerance should guide action. Always create backups or system images before removing security updates.

Who should care the most — impact analysis

  • Media‑center enthusiasts, home theater PC (HTPC) users, and people using hardware capture/tuner devices are the primary affected group. Their workflows frequently depend on EVR and DirectShow compatibility.
  • Corporate kiosks, digital signage, and broadcast test systems that use specialized capture hardware could be disrupted if playback is part of the core function.
  • The average consumer who watches streaming content via browser or native apps is unlikely to notice an effect because those apps use modern DRM paths that were not implicated.
This regression highlights a fundamental truth of complex systems: a change intended to improve security or stability in one layer can inadvertently break assumptions in legacy, tightly coupled pipelines that rely on implementation details.

Why this happened: architecture and risk considerations

  • EVR remains present in Windows for compatibility. It acts as a bridge between older DirectShow capture/renderer filters and the Media Foundation world. Legacy software often assumes subtle behavioral specifics of that bridge.
  • Cumulative updates change shared OS components. When the media stack, audio/DRM subsystem, or driver expectations shift, third‑party components and filter chains that were coded against older behavior can fail to negotiate a secure path.
  • The protected pipeline is intentionally defensive: when a handshake or capability check fails, players fail closed to prevent content leakage. That protective posture is by design but means regression impact is abrupt and highly visible for use cases that must remain functional.
From an enterprise risk perspective, the issue underscores the need to:
  • Pilot cumulative updates in representative environments that include legacy hardware and specialized media workflows.
  • Maintain rollback and disaster recovery plans for critical kiosks or systems reliant on legacy rendering stacks.
  • Monitor vendor advisories for drivers and third‑party playback apps when new OS servicing waves are rolled out.

Strengths and weaknesses of Microsoft’s handling

Notable strengths

  • Microsoft publicly acknowledged the regression and documented the behavior in its support/Release Health channels rather than leaving users to rely solely on community troubleshooting.
  • The decision to stage a surgical fix in the Release Preview channel (KB5065789) reflects a conservative remediation strategy: validate the targeted fix with Insiders before broad distribution.
  • Microsoft continued to emphasize that mainstream streaming DRM paths were not affected, which helped reduce unnecessary alarm for a majority of users.

Potential weaknesses and risks

  • The regression made its way from an August optional preview into the September cumulative rollup, demonstrating how optional preview builds can still influence mainstream updates and create surprise regressions.
  • Users who do not follow community or Microsoft Release Health channels may not know to delay the update if they rely on affected apps.
  • The remediation approach relies on users either enrolling in Release Preview or waiting for the broader rollout — both of which create a window of vulnerability for impacted workflows.
  • Uninstalling cumulative updates is not trivial for non‑technical users; providing a clear, officially documented rollback procedure (including SSU interactions) is essential and was not as visible in the early hours of the incident.

Longer‑term considerations for media apps and IT teams

  • Vendors that still ship DirectShow/EVR‑based players should prioritize migrating to Media Foundation with the Simple Video Renderer (SVR) or newer APIs exposed by MediaPlayer/IMFMediaEngine. Microsoft has explicitly recommended new code use MediaPlayer/IMFMediaEngine rather than EVR.
  • IT teams that manage kiosks, digital signage, or HTPC fleets should:
    • Maintain a pilot ring and test cumulative updates on a sample of devices that reflect production hardware and software stacks.
    • Keep documented rollback and restoration processes that include steps for removing LCUs and handling SSU side effects.
    • Communicate update windows proactively to downstream teams that manage specialized hardware.

Takeaway and conclusion

This incident is a classic example of how modern operating systems must simultaneously advance security and preserve compatibility. The Windows 11 August preview (KB5064081) introduced a compatibility regression that carried into the September cumulative update (KB5065426) and caused protected playback failures in legacy EVR‑based applications. Microsoft acknowledged the issue and staged a focused remediation via Release Preview (KB5065789) to restore the protected playback path for affected apps.
For most users — those who stream video through mainstream apps — there is no impact. For a narrower but technically important set of users who depend on Blu‑ray/DVD players, broadcast tuners, or legacy capture pipelines, the regression was immediately disruptive and required careful mitigation: rollbacks, driver checks, or validated deployment of Microsoft’s staged fix.
The broader lessons are straightforward: organizations and power users that depend on specialized hardware or legacy media stacks must treat OS servicing as a change that requires testing, and software vendors must continue moving away from legacy renderers toward modern, actively maintained media APIs. Until Microsoft completes the broader rollout of the fix, affected users should back up systems, consider the cautious uninstall options described above, and monitor Windows Update and vendor advisories for the official remediation.

Source: TechPowerUp Windows 11 24H2 September Patch Breaks HDCP/DRM Video Playback
 
Microsoft’s latest Windows 11 servicing activity has broken a narrow but painful corner of media playback: several Digital TV, Blu‑ray and DVD applications that rely on the legacy Enhanced Video Renderer (EVR) are now stuttering, freezing or failing entirely when attempting to play protected content that requires HDCP or platform DRM for digital audio.

Background

The regression traces to late‑summer servicing updates. Microsoft’s own update rollups show the change surfaced after the optional August 29, 2025 non‑security preview update (delivered as KB5064081) and reappeared, for many users, after the September 9, 2025 cumulative release (delivered as KB5065426). Affected playback pipelines share a common element: they use the EVR path (DirectShow or older Media Foundation EVR sinks) combined with the OS‑level protected media chain that enforces HDCP and platform DRM for audio. Modern streaming clients — which tend to use app‑managed DRM and newer rendering paths — have not been reported as affected, limiting the scope to legacy players and capture/tuner workflows.
Microsoft acknowledged the behavior through its Release Health messaging and rolled a targeted repair build into the Release Preview channel in mid‑September 2025 (appearing as a hotfix build in the 26100.67xx series). That staged repair aims to restore protected playback in the EVR path while Microsoft prepares a wider distribution. Initially, Microsoft’s public guidance to impacted users was limited — pause updates or avoid installing the affected rollups — until the hotfix could be validated.

Why this matters: EVR, HDCP and the protected media chain

What EVR does and why legacy apps still use it

The Enhanced Video Renderer (EVR) is a legacy Windows rendering component used by DirectShow and older Media Foundation applications to composite and present video frames. It supports protected playback by cooperating with the operating system’s content‑protection pipeline so that decrypted frames can be rendered without being exposed to normal process memory or capture paths.
Microsoft documents EVR as a legacy component and explicitly recommends modern apps use MediaPlayer/IMFMediaEngine and the Simple Video Renderer (SVR) instead. Nevertheless, many third‑party Blu‑ray players, DVD suites, broadcast tuner applications and specialized capture workflows remain based on DirectShow and EVR — especially in HTPC, broadcast and industrial scenarios where large‑scale rewrites are expensive or disruptive.

Where HDCP and DRM fit in

High‑bandwidth Digital Content Protection (HDCP) and platform DRM are part of a coordinated, end‑to‑end protected media chain: application → OS DRM stack → graphics driver → display. If any link in that chain reports an integrity problem, the platform intentionally prevents playback. That defensive behavior is by design: the platform must ensure content providers’ licensing demands are respected, which can result in abrupt failures if the protected path can’t be established.
When an update subtly changes the behavior of that chain, legacy components that expect earlier behavior can detect an integrity mismatch and abort playback to avoid violating the content‑protection model — which is exactly what vendors and users observed after the August/September 2025 servicing changes.

What broke: symptoms, scope and real‑world impact

Symptoms reported by affected users

  • Playback of protected Blu‑ray/DVD titles or digital TV broadcasts fails to start, with copyright/protection errors.
  • Video freezes, becomes a black screen, or shows repeated interruptions while audio may continue.
  • Some apps report generic “content protection” or device output errors and simply stop rendering.
  • Failures appear more likely when HDCP is enforced or when platform DRM applies to the audio stream.
  • External capture, passthrough or multi‑display setups have been reported as more fragile in certain configurations.

Which apps and hardware are affected

  • Third‑party Blu‑ray and DVD players that still use DirectShow/EVR.
  • Digital TV / broadcast tuner applications and capture tools built on EVR/DirectShow or legacy Media Foundation EVR sinks.
  • Specialized capture devices and workflows that require a secure rendering path from the OS to the GPU and display.

What is not affected

  • Most mainstream streaming services (for example, web‑based or dedicated app streaming clients) that use modern app‑managed DRM paths and rendering flows.
  • Unprotected local media files and non‑DRM content playback.
  • Hardware or software that already uses MediaPlayer/IMFMediaEngine + SVR.

Real‑world impact

For the vast majority of Windows users who consume streaming content, the regression is invisible. However, for a smaller but passionate group — HTPC enthusiasts, broadcast capture engineers, owners of mainstream Blu‑ray playback suites, and users of onboard TV tuners — the effect is immediate and painful: legitimately purchased or broadcast content becomes unwatchable until a fix lands or the update is uninstalled.
That niche matters in production, enterprise and some prosumer workflows. In addition, the incident is a reminder that not all Windows usage is dominated by streaming apps; older pipelines remain in active use and require careful compatibility stewardship.

Timeline and Microsoft’s response

  • August 29, 2025 — Microsoft publishes an optional non‑security preview update (KB5064081). Community reports later associate this preview with the first appearance of protected‑playback failures in EVR‑based apps.
  • September 9, 2025 — Microsoft ships the cumulative update (KB5065426) as part of Patch Tuesday; the regression is observed by a broader set of users as the preview behavior is rolled forward into the mainstream servicing channel.
  • Mid‑September 2025 — Microsoft lists the playback behavior as a known issue in Windows Release Health and begins staging a targeted remediation into the Release Preview channel (delivered as a hotfix build identified in the 26100.671x family, rolled out as KB5065789 to Release Preview participants).
  • Ongoing — Microsoft encourages developers to move away from EVR and adopt MediaPlayer/IMFMediaEngine + SVR, while the company validates the Release Preview repair prior to wider distribution.
Important note: at the time the regression was first acknowledged, public guidance was limited and the only practical workaround available to many users was to avoid installing the problematic updates or to uninstall the specific servicing packages. Microsoft later staged a repair in Release Preview to restore compatibility for affected apps while a broader rollout was prepared.

Short‑term mitigation for end users and administrators

If protected playback is critical to your workflow, apply the following pragmatic, risk‑aware steps:
  • Validate the symptom: confirm that non‑DRM content plays normally and that protected titles fail only after installing the late‑August / early‑September updates.
  • Pause automatic updates: temporarily pause Windows Update while you plan remediation to avoid the broad deployment of the problematic rollups.
  • Uninstall the offending updates (if already installed):
    • Settings > Windows Update > Update history > Uninstall updates, then remove the specific KB (for example, the September cumulative or the earlier optional preview).
    • Note: uninstalling cumulative updates will revert many fixes and may re‑expose other issues; evaluate carefully.
  • Try alternative playback paths:
    • Use a player that relies on modern Media Foundation APIs or that the vendor confirms is compatible with recent Windows builds.
    • Consider hardware playback (standalone Blu‑ray players) for critical viewing until a patch is applied.
  • Watch Microsoft's Release Health and Windows Update for the Release Preview hotfix — install the targeted repair once it is validated for your environment.
  • For fleet or enterprise deployments, test updates in a pilot ring representing real-world hardware and software stacks before broad rollout.
Caveat: uninstalling security rollups is a blunt instrument. For production or high‑security systems, prefer staged testing and vendor guidance before removing patches.

Developer guidance: why migration matters and the costs involved

Microsoft’s development documentation has for years flagged EVR and DirectShow as legacy, encouraging new code to use MediaPlayer, IMFMediaEngine and the Simple Video Renderer (SVR). That is not a theoretical preference: the newer stack is optimized for Windows 10/11, better integrates with modern DRM flows, and reduces the surface area for OS‑level compatibility breakage.
  • Immediate developer steps:
    • Audit your player’s pipeline to determine if EVR/DirectShow is in use, particularly for protected playback paths.
    • If EVR is present, plan migration to MediaPlayer/IMFMediaEngine + SVR. That includes refactoring to newer APIs, retesting DRM/HDCP interactions, and validating across integrated graphics and discrete GPU drivers.
    • Prioritize updated builds to ship to customers who rely on protected playback and communicate compatibility testing timelines clearly.
  • Why migration is hard:
    • Legacy codebases often contain thousands of lines of DirectShow glue and custom present/mixer code.
    • Hardware and driver quirks can surface only during protected playback validation.
    • For vendors supporting multiple Windows versions, the migration is a multi‑release effort that must preserve feature parity.
Despite these headaches, the regression underlines an unavoidable reality: legacy system paths will become brittle as the OS evolves. Vendors and integrators must budget for this technical debt to avoid sudden service interruptions.

Broader lessons for Microsoft’s patching model

This incident exposes recurring tension in modern OS maintenance: the need to advance security and platform behavior while preserving compatibility for long‑running, legacy use cases.
Notable observations:
  • Windows must simultaneously be a secure platform for billions of users and a stable runtime for specialized, long‑lived applications. Changes to protected media chains are inherently risky and demand extra validation across legacy flows.
  • Microsoft’s approach in this episode — staging a targeted fix into Release Preview rather than mass rollback — is a conservative containment strategy that allows testing in a controlled flight before broader rollout. That is a pragmatic compromise, but it leaves affected users waiting.
  • Safeguard holds (device‑level blocking of feature updates) remain an important tool for Microsoft to protect users, but they apply mainly to feature updates. Smaller servicing regressions in cumulative updates still slip past wide testing and can break niche functionality.
  • Communication matters. Early and explicit guidance to vendors and enterprise IT teams (with KB numbers, affected components and recommended mitigations) reduces churn and helps organizations plan. When guidance is vague or slow, the downstream cost rises — both for users and support teams.

Risk analysis: strengths and weaknesses of the current state

Strengths

  • Microsoft’s Release Health and Windows Update infrastructure let the company recognize and stabilize regressions and ship targeted fixes via Release Preview before broader dissemination.
  • Modern DRM and rendering paths used by mainstream streaming services were not affected, protecting the largest portion of users.
  • The incident accelerated conversation about migration off EVR, which in the medium term will reduce platform friction as Windows modernizes.

Weaknesses and risks

  • Breaking protected playback for legitimate users is a significant regression in trust: licensed content becoming unwatchable risks user goodwill and adds support costs.
  • The update chain shows how a seemingly minor change in system behavior can propagate into widely used legacy pipelines. That fragility is a long‑term liability for customers who rely on specialized apps.
  • The lack of immediate, easily implemented user workarounds (beyond uninstalling updates or pausing updates) raised the pain level for affected users.
  • Relying on vendors to migrate legacy apps is a multi‑year effort; during that window, OS changes will continue to pose compatibility risks.

Practical recommendations

For Windows users (consumers and prosumers)

  • If you rely on Blu‑ray playback or a TV tuner app, delay installation of late‑August/early‑September 2025 servicing updates until Microsoft’s repair is widely distributed.
  • If you already installed the updates and experience failures, uninstall the specific KB as a temporary mitigation and reinstall the Microsoft hotfix once it is broadly available.
  • Keep your media playback software updated and consult the vendor for compatibility guidance.

For developers and vendors

  • Prioritize migration from DirectShow/EVR to MediaPlayer/IMFMediaEngine + SVR for protected playback.
  • Incorporate protected media validation into your CI and QA cycles, including HDCP enforcement and platform DRM audio cases.
  • Communicate clearly with customers about supported Windows builds and any compatibility guidance or required updates.

For Microsoft (policy recommendations)

  • Expand preflight testing for protected media chains across legacy and modern playback pipelines, with emphasis on the EVR path where still used.
  • Improve early vendor notification processes for regression‑prone changes that touch DRM/HDCP and other content‑protection subsystems.
  • Consider more granular rollout controls for changes that affect legacy APIs, including optional flags or opt‑in behavior to avoid abrupt global breakage.

Final thoughts

This episode is not a catastrophic outage for the average Windows user, but it is an instructive failure mode: platform evolution inevitably collides with long‑lived legacy code. The resulting fracture in the protected media chain shows how delicate the handshake between application code, OS DRM stacks, GPU drivers and displays can be when licensing and content protection are involved.
The good news is that the problem is narrowly scoped, Microsoft has acknowledged it and a targeted repair has been staged for validation. The less comfortable truth is that many applications will require engineering effort to survive future platform changes without interruption. For users who care about physical media and legacy broadcast workflows, the moment is a practical reminder to test updates before deployment, prefer actively maintained playback software, and plan for the occasional disruption that accompanies platform progress.
Immediate actions for affected parties are straightforward: pause or uninstall the implicated updates, watch for the Release Preview hotfix, and for developers, begin—or accelerate—the migration away from EVR toward MediaPlayer/IMFMediaEngine and the Simple Video Renderer. The longer arc, however, is about balancing security, innovation and compatibility — and ensuring that the costs of platform modernization aren’t borne disproportionately by the small but valuable community that still uses older playback technologies.

Source: theregister.com Windows 11 update leaves Blu-ray and TV apps stuttering
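
A triage check for the mitigation steps in the two posts above, added here as an example; it is not code from Microsoft or from either post. It uses only the KB numbers and build revisions quoted in the thread; the function names, state labels and sample rows are constructed, and treating any revision at or above 6718 as carrying the fix is an assumption.

```powershell
# Added example. KB numbers and build revisions come from the posts above;
# function names, state labels and the sample rows are constructed.

$AffectedKbs         = @('KB5064081', 'KB5065426')  # August preview, September LCU
$FixKb               = 'KB5065789'                   # Release Preview remediation
$AffectedLcuRevision = 6584                          # 26100.6584 (KB5065426)
$FixRevision         = 6718                          # 26100.6718 / 26200.6718
$CoveredBuilds       = @(26100, 26200)               # build families named in the thread

function Get-EvrRegressionState {
    param(
        [Parameter(Mandatory)] [int] $Build,
        [Parameter(Mandatory)] [int] $Revision,
        [string[]] $InstalledKbs = @()
    )
    if ($CoveredBuilds -notcontains $Build) { return 'OutOfScope' }

    # Assumption: servicing is cumulative, so a revision at or above the fix
    # build carries the remediation even if the KB itself is not listed.
    if ($Revision -ge $FixRevision -or $InstalledKbs -contains $FixKb) {
        return 'FixPresent'
    }

    # The thread gives a build number only for the September LCU on 26100,
    # so the revision check is limited to that family; KB presence covers the rest.
    $hasAffectedKb = @($InstalledKbs | Where-Object { $AffectedKbs -contains $_ }).Count -gt 0
    if ($hasAffectedKb -or ($Build -eq 26100 -and $Revision -ge $AffectedLcuRevision)) {
        return 'AffectedFixMissing'
    }
    return 'NotExposed'
}

function Get-LocalEvrRegressionState {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # Get-HotFix may not list packages superseded by a later LCU, so the
    # build revision (UBR) is treated as the primary signal.
    $kbs      = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { $_.HotFixID })
    $relevant = @($kbs | Where-Object { ($AffectedKbs + $FixKb) -contains $_ })
    $state    = Get-EvrRegressionState -Build ([int]$cv.CurrentBuildNumber) -Revision ([int]$cv.UBR) -InstalledKbs $kbs

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Build      = '{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
        RelevantKb = $relevant -join ','
        State      = $state
    }
}

# Constructed inventory rows (not real machines) so each outcome can be seen offline.
# Revisions 4000 and 5000 and build 22631 are illustrative values only.
$samples = @(
    @{ Name = 'before August preview'; Build = 26100; Revision = 4000; Kbs = @() }
    @{ Name = 'preview only';          Build = 26100; Revision = 5000; Kbs = @('KB5064081') }
    @{ Name = 'September LCU';         Build = 26100; Revision = 6584; Kbs = @('KB5065426') }
    @{ Name = 'fix installed';         Build = 26200; Revision = 6718; Kbs = @('KB5065789') }
    @{ Name = 'other release';         Build = 22631; Revision = 5000; Kbs = @() }
)

$samples | ForEach-Object {
    [pscustomobject]@{
        Sample = $_.Name
        Build  = '{0}.{1}' -f $_.Build, $_.Revision
        State  = Get-EvrRegressionState -Build $_.Build -Revision $_.Revision -InstalledKbs $_.Kbs
    }
} | Format-Table -AutoSize

# On a Windows host, also report the local machine.
if ($env:OS -eq 'Windows_NT') {
    Get-LocalEvrRegressionState | Format-List
}
```

For a pilot ring, the same two functions can be run per device and the `State` column collected centrally before deciding which machines get the rollback or the Release Preview build.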
 
Microsoft has confirmed that an optional August servicing update for Windows 11, shipped as KB5064081 and folded into the September cumulative rollup KB5065426, introduced a regression that can block playback of DRM‑protected video in certain Blu‑ray, DVD and digital‑TV applications — a problem engineers have since addressed with a targeted repair flight staged to Release Preview (KB5065789).

Background / Overview

Windows 11’s late‑summer servicing wave included an optional preview update released on August 29, 2025 (KB5064081) and a broader cumulative update on September 9, 2025 (KB5065426, OS Build 26100.6584). Microsoft documents the September rollup and lists multiple known issues introduced or surfaced by those servicing payloads; among them is a compatibility regression that prevents some applications from playing copyrighted, DRM‑protected content.
The problem is narrow in scope but high impact for affected users: it targets playback pipelines that rely on the legacy Enhanced Video Renderer (EVR) in combination with HDCP enforcement or platform DRM for digital audio. Streaming services and modern app‑managed DRM flows (the paths used by most consumer streaming clients) are not impacted. Microsoft has publicly acknowledged the regression and says it is working on fixes to be distributed via upcoming updates; a targeted remediation was staged to Release Preview around September 17, 2025.

What went wrong: EVR, HDCP and the protected media chain

The technical plumbing — EVR’s legacy role

Enhanced Video Renderer (EVR) is a legacy Windows component used by older DirectShow and some Media Foundation playback paths to composite and present video frames on trusted graphics surfaces. EVR includes support for protected presentation — the pathway that guarantees decrypted frames are never exposed to ordinary memory or capture channels, which is essential for enforcement of content licenses. Applications that still use EVR rely on the operating system, graphics drivers and display pipeline to maintain a secure, end‑to‑end path.

Why HDCP/DRM failures look like “blocked playback”

High‑bandwidth Digital Content Protection (HDCP) and platform DRM work together to enforce content owners’ rules. If any link in that chain misbehaves, the platform must fail closed — intentionally block playback — to avoid the risk of content leakage. A servicing update can change a low‑level interaction in the DRM stack or in the way EVR negotiates trusted surfaces; when that happens, applications see copyright protection errors, repeated interruptions, black screens, or frozen video frames rather than a degraded but playable stream. That is exactly the failure mode Microsoft described.

Symptoms and scope

  • Typical user‑facing symptoms:
      • Copyright or content‑protection error dialogs when starting a disc or broadcast title.
      • Black video with audio continuing, or video freezing while audio plays.
      • Repeated playback interruptions, stuttering or immediate aborts.
  • What’s affected:
      • Third‑party Blu‑ray/DVD players that still depend on DirectShow/EVR pipelines.
      • Digital TV/tuner and capture applications built on older EVR/DirectShow sinks with HDCP enforcement.
      • Some capture device workflows and set‑top‑style applications that require OS‑level protected rendering.
  • What’s not affected:
      • Mainstream streaming services (Netflix, Disney+, YouTube, etc.) that use app‑managed DRM and modern rendering paths.
      • Playback of non‑DRM local files and protected content when the app uses newer Media Foundation/Simple Video Renderer (SVR) or in‑app DRM engines.
The practical result is that the average streaming‑first consumer will likely not notice anything wrong, while HTPC owners, broadcast hobbyists and certain production or kiosk environments may find legitimately purchased content unwatchable. Community reporting and Microsoft’s own Q&A confirm both the narrow scope and the severity for those affected.

Timeline: from preview to remediation

  • August 29, 2025 — Microsoft publishes an optional non‑security preview update, KB5064081. Community testers began reporting playback issues after this preview.
  • September 9, 2025 — The changes are included in the September cumulative update KB5065426 (OS Build 26100.6584) and roll out broadly; the issue appears in production environments. Microsoft’s KB for the September update documents several known issues (SMBv1 connectivity, PSDirect hotpatch edge cases and others) and later notes the DRM playback regression.
  • Early–mid September 2025 — Reports multiply across vendor forums and trade outlets; Microsoft acknowledges the behavior in Windows Q&A and Release Health channels.
  • September 17, 2025 — Microsoft stages a targeted fix to the Release Preview channel as KB5065789 (builds 26100.6718 / 26200.6718). The Release Preview notes explicitly call out a repair for protected playback failures. Insiders and Release Preview participants can validate the fix while Microsoft prepares broader distribution.
Community threads and forums captured the same sequence and were used by IT teams and enthusiasts to confirm the correlation between the dates and the onset of symptoms.

Microsoft’s public stance and remediation approach

Microsoft characterized the behavior as a regression tied to recent servicing work and indicated the regression resulted from changes intended to improve security. The company’s support thread in Windows Q&A confirmed the issue and advised that engineering was working on a corrective update to be included in upcoming releases rather than providing a manual workaround for the general userbase.
Instead of a broad rollback, Microsoft chose a targeted remediation path: stage a narrow fix to Release Preview for validation (KB5065789) and then promote that fix to a wider audience after verification. That approach prioritizes validating the repair across hardware and driver combinations before general rollout, but it leaves a window where content‑critical systems must avoid the problematic rollups or enroll in Release Preview to receive the fix early. Community reporting documented exactly this cautious staging strategy.

Practical mitigation: how affected users and administrators should respond

If protected playback is important to your setup, treat the issue as a balance of risk between installing security and quality fixes and preserving media playback continuity. The immediate options are well‑defined:
  • Short‑term user options:
      • Pause Windows Update on machines that perform critical playback tasks until Microsoft confirms the fix in the public release channel. Pausing prevents the automatic installation of the problematic March/September rollups.
      • If you already installed the update and need quick restoration, carefully consider uninstalling the offending LCU (e.g., KB5065426). Use Settings > Windows Update > Update history > Uninstall updates or DISM /Remove-Package. Note: uninstalling an LCU may be non‑trivial when SSUs are involved and may re‑expose other issues; create a full backup or system image first.
      • Try alternative playback paths: use a vendor‑supported player that uses modern Media Foundation APIs, or play the same content on a hardware Blu‑ray player or a streaming‑equivalent when possible.
  • For power users and HTPC owners:
      • Enroll a test machine in Release Preview and validate KB5065789 (or its eventual public equivalent) before wider deployment; test all playback apps and tuner paths you rely on.
      • Keep vendor drivers (GPU, headset, capture devices) updated and collect logs to share with app vendors if playback issues persist after installing Microsoft’s repair. Some failures are app‑specific and require coordinated fixes between Microsoft, driver vendors and the playback app.
  • For IT and kiosk managers:
      • Maintain a pilot ring of representative devices that include the older playback stacks; test cumulative updates there before mass deployment.
      • Prepare rollback scripts and keep recovery images available; document the exact LCU package names and the DISM commands required to remove them safely.

Risk analysis: strengths and weaknesses of Microsoft’s handling

Notable strengths

  • Rapid acknowledgment: Microsoft publicly listed the playback regression in Release Health and Windows Q&A rather than leaving users to community guesswork, which helped triage the issue quickly.
  • Surgical remediation: Staging a narrow fix through Release Preview allowed Microsoft to validate the repair without a full rollback that could reintroduce the security hardening the original patches provided. This approach helps protect the broader population while addressing edge‑case regressions.

Potential weaknesses and lingering risks

  • Preview to production bleed: The regression originated in an “optional” August preview and then carried into the September cumulative update, demonstrating how preview builds can still influence mainstream rollups and catch users unprepared. That flow increases the chance of surprising regressions moving into production.
  • Communication and mitigation gap: While Microsoft acknowledged the issue, early practical guidance for less technical users was limited — uninstalling updates and handling SSU/LCU interactions can be complex for non‑technical households. The reliance on Release Preview to get the fix early leaves a gap for those who cannot safely enroll devices in preview channels.
  • Dependency on vendor coordination: Because the protected pipeline touches graphics drivers, app code, and platform DRM, some edge cases will require coordinated vendor action. Without explicit driver or app‑vendor guidance, affected users may face protracted troubleshooting even after Microsoft releases a general fix.

Broader implications: compatibility vs. security and the future of EVR

This incident illustrates a recurring tension in OS maintenance: security hardening and low‑level servicing changes can break legacy integration points. EVR is an example of a legacy surface that still supports meaningful use cases but is slated for replacement by modern APIs (Simple Video Renderer and MediaPlayer/IMFMediaEngine). Microsoft’s public recommendation is for vendors to migrate away from EVR to modern APIs; that advice is sound but costly for vendors and integrators who support complex playback or capture pipelines.
For IT planners, the lesson is operational: pilot updates on a representative set of hardware and workflows that includes legacy stacks. Maintain inventories that identify systems using deprecated components (EVR, SMBv1, etc.) and budget for migration or isolation strategies. The incident also reinforces why pilot rings, rollback plans, and managed update cadences remain essential for production environments that rely on specialized hardware.

Quick checklist (what to do now)

  • Verify symptoms: confirm protected playback fails on machines that installed updates dated Aug 29 or Sept 9, 2025 (KB5064081 or KB5065426).
  • Pause Windows Update on content‑critical systems until the fix hits the public channel.
  • If you must restore playback immediately and are comfortable with advanced steps, create a full image and uninstall the specific LCU (use wusa or DISM), then validate playback.
  • Enroll a non‑critical test device into Release Preview and validate KB5065789’s repair before promoting the fix widely.
  • Contact your playback app and capture‑card vendors if problems persist — include logs and exact build numbers.
  • Plan medium‑term migration away from EVR to Media Foundation/Simple Video Renderer where feasible.

Final analysis and takeaways

The DRM playback regression introduced by the August preview (KB5064081) and seen again after the September cumulative rollup (KB5065426) is a textbook example of how platform servicing can unintentionally disrupt complex, legacy driver and application interactions. Microsoft’s decision to stage a targeted remediation in Release Preview (KB5065789) is a pragmatic and measured response: it fixes the specific regression while preserving the broader security and reliability improvements the updates were intended to deliver.
For most Windows users — those who primarily stream video through modern apps — the incident is invisible. For the smaller but technically important group that depends on Blu‑ray/DVD suites, tuner cards, and EVR‑based playback stacks, the disruption is immediate and severe. The right operational posture is simple and practical: treat updates as changes, pilot broadly, keep rollback and recovery tools ready, and accelerate migration off deprecated platform components when budgets permit. Community reporting and Microsoft’s public notes make the facts clear; the remaining work is technical validation and coordinated remediation so that content owners’ licensing rules and end‑users’ ability to play legally acquired media are both preserved.
This episode should prompt vendors and administrators to re‑examine test plans for OS servicing, and to accelerate moves away from legacy rendering paths that are brittle in the face of low‑level security and compatibility work.

Source: pcworld.com Confirmed: Windows 11's August update can break DRM video playback
 
Microsoft has confirmed that a late‑August Windows 11 servicing update has introduced a compatibility regression that can cause Blu‑ray, DVD and certain Digital TV apps to freeze, show black screens, or present copyright‑protection errors when attempting to play protected content — and the company is staging a targeted repair via the Release Preview channel while promising a broader fix in a forthcoming release.

Background / Overview

In late August 2025 Microsoft published an optional non‑security preview update for Windows 11 (delivered as KB5064081 on August 29, 2025). That preview — and the cumulative rollup that incorporated it on September 9, 2025 (KB5065426) — was later linked to a playback regression affecting applications that rely on Windows’ legacy Enhanced Video Renderer (EVR) and enforce HDCP or OS‑level DRM for audio/video. The observed failures include content‑protection error dialogs, freezing or stuttering video, and black screens during playback of legally purchased Blu‑ray and DVD titles or live digital TV streams.
Microsoft has documented the problem as a known issue on its Release Health channels and stated engineering teams are working on a correction to be delivered in subsequent updates. A targeted remediation build was staged to the Release Preview channel in mid‑September to validate the repair before general rollout.

Why this matters: EVR, HDCP and the protected media chain

What EVR does (and why legacy apps still use it)

The Enhanced Video Renderer (EVR) is a legacy Windows component used by older DirectShow and some Media Foundation playback paths to composite and present video frames on trusted Direct3D surfaces. EVR supports the platform’s protected rendering path, which is essential for applications that must guarantee decrypted frames are never exposed to ordinary process memory or capture channels. Many established Blu‑ray/DVD players, broadcast tuner applications and HTPC (Home Theatre PC) setups still use EVR because those packages predate newer media APIs.

HDCP, DRM and “failing closed”

HDCP (High‑bandwidth Digital Content Protection) and OS‑level DRM (for example PlayReady / AACS for audio/video) are part of an end‑to‑end protected playback chain: application → OS DRM stack → GPU driver → display/capture device. If any link in that chain fails to establish the expected secure path, the platform intentionally fails closed — blocking playback entirely rather than returning degraded but potentially unsafe output. That defensive behavior prevents content leakage but produces the exact user pain observed when the EVR ↔ DRM handshake fails after an OS change.

Timeline: how the regression surfaced and how Microsoft responded

  • August 29, 2025 — Microsoft ships an optional non‑security preview for Windows 11 (KB5064081). Community observers later tied the first reports of protected‑playback failures to this preview.
  • September 9, 2025 — The September cumulative update (KB5065426) rolls the same servicing changes into the mainstream channel; the regression appears to affect a broader set of users after this roll‑forward.
  • Mid‑September 2025 — Microsoft publicly acknowledges the problem on Windows Release Health and on support/Q&A channels and begins staging a targeted remediation to the Release Preview channel (reported in community channels as KB5065789).
  • Ongoing — Microsoft advises affected customers to delay installing the implicated updates on content‑critical systems until the fix is validated, and to monitor Windows Update for the remediation package.
This timeline is corroborated by multiple independent technology outlets and community‑reported test flights.

Symptoms and scope — who is (and isn’t) affected

  • Typical user‑facing symptoms:
      • Copyright or protected content error dialogs when starting a disc or broadcast playback.
      • Black video window while audio continues (or audio blocked when DRM covers audio).
      • Repeated playback interruptions, stutters, or immediate aborts.
  • Affected scenarios:
      • Desktop Blu‑ray and DVD player applications that still rely on EVR / DirectShow protected sinks.
      • Digital TV / tuner and capture applications that enforce HDCP using the OS protected path.
      • Certain kiosk, signage or lecture‑capture workflows that use legacy playback stacks.
  • Not affected:
      • Mainstream streaming services (Netflix, Disney+, Prime Video, YouTube) and app‑managed DRM flows, because they typically use modern Media Foundation API paths or app‑level DRM and alternate renderers.
In short: the problem is narrow in terms of install base but severe for users who rely on physical‑media or broadcast playback inside Windows apps.

Root cause (what Microsoft and community reporting indicates)

Microsoft’s public messaging characterizes the regression as an unintended side‑effect of a servicing change that altered the way the OS establishes or validates the protected media path used by EVR with HDCP or platform DRM. The servicing update hardened or modified low‑level interactions in the DRM/rendering stack, and certain legacy playback paths can no longer complete the expected handshake. The platform’s correct response to that mismatch is to block rendering to protect licensed content, but that also prevents legitimate playback until the handshake is restored.
Community reverse‑engineering and vendor feedback indicate the failure mode lies in the EVR↔graphics driver↔OS DRM interaction; because the exact internal implementation details of Microsoft’s change are not published publicly, some aspects remain inferred rather than fully verified in public documents. Those inferred points should be treated as probable but not definitive until a formal post‑mortem from Microsoft is published.

Immediate mitigation and workaround options

For users and administrators facing blocked playback, the practical options fall into three buckets: avoid the problematic update; install Microsoft’s staged remediation in a controlled pilot; or use an alternative playback path or device.
  • Short term: uninstall the implicated updates (KB5064081 preview or KB5065426 cumulative) if you need protected‑content playback immediately and can accept the security trade‑off of removing recent servicing. This is a blunt instrument and requires care: uninstalling cumulative updates can be non‑trivial on some machines and may require administrative privileges and a reboot.
  • Pilot the Release Preview remediation: Microsoft staged a targeted fix to Release Preview (reported as KB5065789 in community reporting). Organizations that run pilot rings or have some capacity to test may enroll representative machines in Release Preview, apply the remediation, and validate playback before a broad rollout. This is the safer route for enterprises and power users who can isolate test devices.
  • Use alternative playback methods:
      • Use a standalone hardware Blu‑ray player or external disc drive connected to a separate device (TV, console, or a non‑affected PC) to avoid OS DRM issues.
      • Use third‑party players that use modern Media Foundation + Simple Video Renderer (SVR) paths rather than legacy EVR/DirectShow protected sinks — check vendor documentation to confirm the rendering path used.
      • If you only need non‑DRM copies of content, use legal, non‑protected files and players that don’t rely on the OS protected path (note: circumventing DRM or ripping protected media can violate law and content licenses; do not pursue illegal workarounds).
Important caution: uninstalling security updates exposes systems to vulnerabilities the updates were designed to remediate. Any decision to rollback must weigh content‑playback needs against security posture and, for managed environments, be coordinated with IT/security teams.

Step‑by‑step: safely test Microsoft’s Release Preview fix (recommended for power users and IT pilots)

  • Inventory: identify machines that require protected playback (HTPCs, capture rigs, kiosks).
  • Image/backup: create a full system backup or image so you can restore quickly if the remediation has side effects.
  • Isolate pilot devices: pick 1–3 representative machines that mirror the hardware and player software used in production.
  • Enroll pilot machines in the Release Preview channel (use Windows Insider settings or enterprise ring tooling per your update management policies).
  • Apply updates and confirm the Release Preview remediation (community reporting identifies KB5065789 as the targeted remediation package).
  • Validate: perform end‑to‑end playback tests with your Blu‑ray/DVD titles and tuner workflows. Confirm no residual issues with drivers or audio stacks.
  • If OK, stage the fix to a wider pilot ring before general distribution; if not OK, collect logs and open a support case with Microsoft and your media‑app vendor.

Enterprise and vendor implications

  • For IT teams managing kiosks, signage, or training systems that rely on protected playback, this incident underscores the importance of including niche media workflows in update validation cycles and maintaining a rollback playbook for servicing updates.
  • Media software vendors should accelerate migration away from EVR/DirectShow protected sinks toward MediaPlayer/IMFMediaEngine + Simple Video Renderer (SVR) or other modern, supported APIs to reduce fragility when platform servicing occurs. Microsoft has long recommended this migration path.
  • GPU driver vendors may need to validate the remediation against their stack and, where necessary, publish driver updates. Because HDCP/protected rendering depends on tight coordination between OS code and driver implementations, vendor collaboration is critical to prevent lingering compatibility gaps after a Windows fix is rolled out.

Risk assessment and long‑term considerations

  • Security vs. compatibility trade‑off: Microsoft’s approach (preserve security hardening, release a surgical fix) is defensible from a platform security perspective, but it creates a temporary operational trade‑off for users who rely on legacy protected playback. Expect similar trade‑offs as Windows continues to harden low‑level subsystems.
  • Fragility of legacy media stacks: the incident highlights how legacy components (EVR, DirectShow) remain a single point of failure for certain workflows. Organizations dependent on those stacks should treat migration and modernization as a priority to reduce future operational risk.
  • User trust and communication: blocking playback of legitimately purchased media damages user trust, even when the blocking is a necessary security posture. Clear, timely communication (Microsoft’s Release Health notice and staged remediation) helps limit confusion, but more granular vendor guidance (which apps are known‑working or known‑broken) would reduce friction for end users.

What to watch next

  • Broad rollout of the remediation package from Release Preview to general Windows Update channels. Monitor Windows Update/Release Health for the exact KB number and general‑channel availability.
  • Updated guidance and driver releases from GPU and capture‑card vendors, which may be necessary to eliminate residual incompatibilities after Microsoft’s fix.
  • Formal technical post‑mortem or KB article from Microsoft describing the precise change and the permanent remediation approach; until Microsoft publishes a full post‑mortem, some root cause details remain inferred from community telemetry.

Practical checklist for affected home users

  • If you rely on Blu‑ray/DVD or tuner apps for playback:
  • Do not auto‑install optional preview or cumulative updates until the fix is widely available or you have tested remediation in a pilot.
  • If playback stops after an update, consider uninstalling the implicated KB only as a temporary measure and after confirming the rollback path for your machine.
  • Consider a hardware fallback (standalone player or alternative device) for urgent viewing needs.
  • Monitor Windows Update and Microsoft’s Release Health for the remediation release and follow vendor guidance for your player app.

Final assessment and conclusion

The incident is a reminder that platform servicing — even when driven by necessary security hardening — can produce high‑impact regressions in specialized workflows. Microsoft’s public acknowledgement, staging of a targeted remediation in Release Preview, and advice to delay installation on content‑critical systems are the right operational steps. For most consumers who rely on streaming apps, there is no impact; but for the smaller community of HTPC enthusiasts, broadcast professionals and organizations using legacy playback stacks, the regression is a significant disruption that requires careful mitigation. The responsible path for affected users is conservative: inventory affected systems, pilot Microsoft’s Release Preview remediation in a controlled ring, maintain rollback options for production machines, and coordinate with device and software vendors to validate end‑to‑end playback once the fix is broadly available.
Microsoft’s promise to fix the issue and the release‑preview repair flight are positive signs, but until the remediation reaches the general channel and vendors have validated drivers and players against it, users who depend on protected playback should proceed cautiously and maintain fallback playback options.

Source: HotHardware Windows 11 Update Is Freezing Blu-Ray Movies And TV Apps, Microsoft Promises A Fix
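
The "verify symptoms" and rollback-preparation items in the quick checklist, and the inventory step of the Release Preview pilot, can be scripted per device. The following is an added example, not code from Microsoft or the cited outlets: the function names and sample rows are constructed, the KB numbers and the 6584 / 6718 revisions are the ones quoted in this thread, and it assumes that revisions at or above 6718 carry the KB5065789 repair.

```powershell
# Added example. KB numbers and the 6584 / 6718 revisions are quoted from this thread;
# function names and sample rows are constructed for illustration.

function Get-UpdateState {
    # Pure classification, so it can be checked offline against constructed input.
    param(
        [Parameter(Mandatory)][int]$Build,       # e.g. 26100
        [Parameter(Mandatory)][int]$Revision,    # UBR, e.g. 6584
        [string[]]$InstalledKb = @()
    )
    $fixRevision       = 6718   # KB5065789: builds 26100.6718 / 26200.6718
    $septemberRevision = 6584   # KB5065426: OS Build 26100.6584

    if ($Build -notin 26100, 26200) { return 'OutOfScope' }
    # Assumption: later cumulative revisions also carry the KB5065789 repair.
    if ($Revision -ge $fixRevision) { return 'RemediationInstalled' }
    if ($InstalledKb -contains 'KB5065426' -or
        ($Build -eq 26100 -and $Revision -ge $septemberRevision)) {
        return 'SeptemberLcuInstalled'
    }
    if ($InstalledKb -contains 'KB5064081') { return 'AugustPreviewInstalled' }
    return 'NoImplicatedUpdate'
}

function Get-PlaybackRegressionReport {
    # Live build comes from the registry; KB list from Get-HotFix. A superseded KB
    # may no longer be listed, which is why the build revision is checked as well.
    $cv  = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $kbs = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object HotFixID)
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        OsBuild       = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
        ImplicatedKbs = @($kbs | Where-Object { $_ -in 'KB5064081', 'KB5065426' }) -join ','
        State         = Get-UpdateState -Build $cv.CurrentBuild -Revision $cv.UBR -InstalledKb $kbs
    }
}

function Get-LcuRemovalCommand {
    # Needs an elevated session. Returns the DISM command text; it does not run it.
    Get-WindowsPackage -Online |
        Where-Object { $_.PackageName -like 'Package_for_RollupFix*' -and
                       $_.PackageState -eq 'Installed' } |
        Sort-Object InstallTime -Descending |
        Select-Object -First 1 |
        ForEach-Object { "DISM /Online /Remove-Package /PackageName:$($_.PackageName)" }
}

# Constructed sample rows (not real inventory data), one per branch.
# Revisions other than 6584 and 6718 are placeholders.
$samples = @(
    @{ Build = 26100; Revision = 6584; InstalledKb = @('KB5065426') }   # SeptemberLcuInstalled
    @{ Build = 26100; Revision = 6718; InstalledKb = @('KB5065789') }   # RemediationInstalled
    @{ Build = 26200; Revision = 6718; InstalledKb = @() }              # RemediationInstalled
    @{ Build = 26100; Revision = 1000; InstalledKb = @('KB5064081') }   # AugustPreviewInstalled
    @{ Build = 26100; Revision = 1000; InstalledKb = @() }              # NoImplicatedUpdate
    @{ Build = 22631; Revision = 1000; InstalledKb = @() }              # OutOfScope
)
foreach ($s in $samples) {
    '{0}.{1} -> {2}' -f $s.Build, $s.Revision, (Get-UpdateState @s)
}

# Live check on the local machine.
Get-PlaybackRegressionReport | Format-List
```

Run `Get-LcuRemovalCommand` from an elevated session to capture the exact LCU package name for a rollback runbook; take the system image first, as the thread advises.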