Windows 11 23H2 KB5065790 Preview: Targeted Reliability fixes and SMBv1 mitigation

Microsoft has rolled out an optional, non‑security preview update for Windows 11 version 23H2 — KB5065790 — delivering a compact set of targeted reliability fixes (SIM PIN sign‑in freezes, multi‑monitor RDP/docking crashes, Chinese IME rendering, print‑queue crashes and carrier profile updates) and a mitigation for an SMBv1/NetBT connectivity regression introduced in the September servicing window.

Background / Overview​

Microsoft uses periodic optional "C" or preview releases to stage fixes ahead of the next Patch Tuesday rollup. KB5065790 is one such preview LCU (Latest Cumulative Update) published to the Release Preview channel and to the Microsoft Update Catalog as a manual .msu installer for administrators and power users who want to validate fixes before broader distribution. The update is explicitly non‑security in scope and focuses on reliability and compatibility corrections rather than new features.
This delivery arrived against a compressed servicing calendar: Windows 11, version 23H2 (Home and Pro) is scheduled to reach end of servicing on November 11, 2025. That deadline makes November and October servicing behavior more consequential for admins still on 23H2. For many organizations the practical question is not just whether to apply a preview patch, but whether to accelerate an upgrade off 23H2.

---

What KB5065790 actually fixes​

The official Release Preview notes list a short, concrete set of fixes. Each item here has practical, reproducible symptoms and a targeted correction in the servicing package.

Authentication: SIM PIN sign‑in freeze (mobile broadband / WWAN / eSIM)​

• Symptom: On devices with WWAN/eSIM, the Windows sign‑in screen could stop responding after a user entered the SIM PIN, leaving the device at an unresponsive sign‑in prompt.
• Fix: KB5065790 adjusts the sign‑in flow to prevent the UI deadlock when SIM PIN entry is required during authentication.
• Why it matters: Devices used in the field, boarding‑gate kiosks, point‑of‑sale, or corporate laptops that require SIM PIN entry are effectively blocked by this bug; restoring predictable sign‑in flow reduces helpdesk escalations and downtime.

Display kernel / Remote Desktop Protocol (RDP) and docking stability​

• Symptom: RDP sessions using multiple monitors could cause an unexpected system shutdown when disconnecting from a dock (particularly during streaming scenarios).
• Fix: The update modifies display configuration handling during RDP sessions to avoid that shutdown trigger.
• Why it matters: Remote workers, test labs and VDI farms that rely on dynamic docking/undocking and multi‑monitor sessions are at risk of abrupt shutdowns and data loss; this correction reduces the frequency of high‑impact interruptions.

Input: Chinese IME rendering​

• Symptom: Some Chinese characters either failed to render correctly or appeared as empty boxes inside certain text fields (notably some admin tools like Connection Manager Administration Kit) when character limits were applied.
• Fix: IME and text rendering fixes to ensure Chinese glyphs appear correctly in affected UI components.
• Why it matters: Any language‑input regression is disproportionately disruptive for multilingual deployments; correctness of IME rendering is essential for productivity in enterprise and consumer contexts.

Browser / Internet Explorer (IE) mode in Microsoft Edge​

• Symptom: Edge running in IE compatibility mode could stop responding on certain same‑domain redirects.
• Fix: Stability improvements when encountering those redirect flows in IE mode.
• Why it matters: Enterprises that still depend on IE mode for legacy intranet apps benefit from a more robust compatibility path, reducing helpdesk tickets for stalled Edge sessions.

Country and Operator Settings Asset (COSA)​

• Symptom: Out‑of‑date operator profiles can impede WWAN provisioning and eSIM behavior.
• Fix: Updated operator profiles for certain mobile carriers.
• Why it matters: Cellular provisioning and APN/profile behavior are essential for mobile workforce and IoT endpoints; refreshed COSA profiles reduce provisioning failures.

Printer UI: Shared print queue crash​

• Symptom: Viewing the print queue for a shared printer in Settings could cause the Print Queue UI to stop working.
• Fix: Repair to the Print Queue Settings path so shared queues render reliably.
• Why it matters: Print server and shared‑printer scenarios in enterprise environments generate user disruption and support calls when the UI crashes; this fix reduces that noise.

System services and reliability: McpManagement metadata​

• Symptom: The McpManagement service could appear without a service description.
• Fix: Restored expected service metadata for clarity in administrative tooling.
• Why it matters: Cosmetic, but helpful for administrators who rely on service metadata when diagnosing issues.

Networking (SMBv1 / NetBT regression) — important mitigation included​

• Symptom: Following September 2025 security updates, Microsoft acknowledged a regression where clients using legacy SMB v1 over NetBIOS over TCP/IP (NetBT) might fail to connect to shared files and folders. Microsoft posted a service alert and suggested a TCP/445 workaround (allow traffic on 445 so SMB falls back to direct TCP).
• Fix: KB5065790 includes a mitigation for Windows 11, version 23H2 that addresses that SMBv1/NetBT connectivity regression.
• Why it matters: Many shops still run legacy devices or appliances that only speak SMBv1; while SMBv1 is deprecated and insecure, the reality of printing devices, NAS units or embedded appliances means connectivity regressions have urgent operational impact. The KB provides a stopgap while organizations plan migration off SMBv1.

Independent reporting and specialist blogs picked up this SMBv1 mitigation quickly; community analyses identify this as one of the higher‑impact fixes in KB5065790 because it restores access for legacy sharing workflows impacted by the September security updates.

---

How to obtain and install KB5065790​

There are three common distribution paths for preview LCUs like KB5065790:

• Windows Update (Release Preview ring / optional updates): If a device is enrolled in Release Preview or configured to receive optional previews, KB5065790 will appear in Settings > Windows Update as an optional/preview download.
• Microsoft Update Catalog: Download the .msu offline installer for the exact SKU and architecture and install manually using WUSA or DISM. This is the fallback for managed environments and offline servicing.
• Managed distribution: WSUS, Intune, or other enterprise update mechanisms that permit preview/optional updates can be used to pilot and stage the package.

Practical installation steps for administrators and power users:

• Confirm Windows build and SKU: run winver and verify you're on Windows 11 version 23H2 (22631.x or 22621.x baselines as appropriate).
• Visit the Microsoft Update Catalog and download the matching .msu for x64 or Arm64.
• Optionally verify the file hash: Get-FileHash -Path C:\Path\To\windows11.0-kb5065790.msu -Algorithm SHA256.
• Install interactively by double‑clicking the .msu, or silently using:
• wusa.exe C:\Path\To\windows11.0-kb5065790.msu /quiet /norestart
• For image servicing or scripted deployments: DISM /Online /Add‑Package /PackagePath:C:\Path\To\windows11.0-kb5065790.msu
• Reboot when convenient and confirm the install by checking winver or Setup/Windows Update logs.

Important packaging note: Microsoft often bundles the Servicing Stack Update (SSU) with the Latest Cumulative Update (LCU) into combined MSU packages. Once an SSU is installed it cannot be removed; administrators must plan rollbacks accordingly because only the LCU portion is removable via DISM.

---

Deployment advice: who should pilot this patch and how​

KB5065790 targets a set of distinct, high‑impact failure modes. Adopt a measured rollout strategy:

• Priority pilots (apply immediately in a controlled ring)
• Devices that actually experienced the SIM PIN sign‑in freeze (WWAN/eSIM devices).
• Docked laptops and RDP host/client systems that were affected by multi‑monitor shutdowns.
• Systems relying on SMBv1/NetBT that lost access after September security patches.
• Secondary pilots (apply after initial verification)
• Mixed fleets without reported symptoms but where docking hardware and display drivers are heterogeneous.
• Multilingual deployments to validate Chinese IME fixes in locally used enterprise apps.
• Conservative approach (skip preview if unaffected)
• If your organization is unaffected and plans to upgrade to Windows 24H2 (or later) before the 23H2 EOL date, you may decide to skip this optional preview and wait for the October/November cumulative rollups that will fold validated fixes into mainstream Patch Tuesday packages.

Best practices for pilot and rollout:

• Pilot for 48–72 hours at a minimum and monitor event logs, application telemetry and user reports.
• Snapshot images or have rollback plans — because SSU components persist, full system images are the safest recovery mechanism.
• Coordinate driver, docking firmware and WWAN vendor updates in tandem with the OS fix; hardware/firmware mismatches are common sources of residual instability even after an OS correction.
• For SMBv1 scenarios, treat the patch as tactical; plan a migration to SMBv2/SMBv3 or replacement hardware to eliminate long‑term risk.

---

Risks, limitations and what KB5065790 does not do​

• Optional preview updates carry a small risk of introducing regressions in unique hardware/driver stacks. Because KB5065790 interacts with display, WWAN and networking subsystems, environments with vendor‑specific stacks (GPU drivers, docking firmware, WWAN modems) should pilot carefully.
• The SMBv1 fix is a mitigation for an immediate regression; it is not an endorsement of continued SMBv1 use. SMBv1 is insecure and deprecated — the strategic action remains migration to modern SMB versions or replacement of legacy appliances. Allowing TCP/445 as a workaround reduces disruption but can alter network security posture.
• Because SSU+LCU packages may be used, uninstalling a combined package is non‑trivial; SSUs remain installed. Administrators should assume that full rollback may require image re‑deployment.
• KB5065790 is non‑security and preview—if you expect security coverage only from Patch Tuesday rollups, this update does not change that posture. Relevant fixes that make it past validation will be included in subsequent monthly cumulative updates.

---

Analysis: strengths, limits and who benefits most​

Strengths

• Highly targeted: The update addresses concrete, reproducible issues that caused real user and admin pain (sign‑in freezes, unexpected shutdowns during RDP/dock events, and print‑queue crashes). Small, focused patches reduce surface area for regressions while delivering immediate operational relief.
• SMBv1 mitigation: Restoring SMBv1/NetBT connectivity for affected 23H2 clients is an operational win in mixed legacy environments, buying time for migration.
• Easy manual deployment: Admins can test via Update Catalog and use standard WUSA/DISM flows, with documented tips for verification.

Limitations and risks

• Preview status: By definition this release is meant for validation. While fixes are real and useful, they are not hardened to the degree of cumulative security rollups.
• Dependency surface: Several fixes touch subsystems where vendor drivers or firmware may still be the root cause. OS patches reduce the incidence of issues but do not guarantee resolution if lower layers are faulty.
• Short servicing runway: The looming 23H2 end‑of‑servicing date for Home and Pro editions (November 11, 2025) changes the cost calculus for long‑term patching vs. upgrading to a supported baseline.

Who benefits most

• IT teams responsible for mobile WWAN/eSIM fleets, docked laptop fleets, RDP/VDI farms, and mixed environments with legacy SMB devices.
• Multilingual enterprises that require stable Chinese IME input behavior.
• Power users and administrators comfortable piloting Release Preview updates who need immediate relief from the enumerated bugs.

---

Recommended action plan (practical checklist)​

• Inventory and triage
• Identify devices that use WWAN/eSIM, docking stations and multi‑monitor RDP workflows, and any devices still relying on SMBv1/NetBT.
• Record build numbers (run winver) and note whether devices are on 22631.x or 22621.x baselines.
• Pilot
• Select representative machines (2–10 per scenario) and apply KB5065790 via Windows Update (if in Release Preview) or via the Update Catalog .msu.
• Monitor event logs, user reports and relevant application behavior for 48–72 hours.
• Validate and expand
• If pilot succeeds, expand to a larger pilot cohort (10–100 devices) while continuing monitoring.
• Coordinate driver and firmware updates (GPU, docking firmware, WWAN vendor drivers) before mass rollout where possible.
• SMBv1 remediation
• If SMBv1 devices exist, plan migration to SMBv2/SMBv3 or replacement. Use the TCP/445 workaround only as a temporary measure while migration is executed.
• Document exceptions and create an inventory of legacy appliances for an eventual upgrade or segmentation plan.
• Upgrade plan
• For consumer and unmanaged fleets on 23H2, prepare for upgrade to 24H2 (or later) ahead of the November 11, 2025 end‑of‑servicing deadline to maintain security update eligibility.

---

Final assessment​

KB5065790 is a compact, practical preview rollup aimed at removing several high‑visibility blockers and reducing support load for affected cohorts. It demonstrates Microsoft’s typical servicing playbook: use the Release Preview ring to stage fixes, provide offline installers for administrators, and fold validated corrections into the monthly cumulative update cycle.
Adopt a risk‑aware rollout: pilot on affected devices, coordinate vendor firmware/drivers, and maintain image‑based rollback options. Treat the SMBv1 correction as a tactical bridge, not a strategic endorsement; an accelerated migration off deprecated protocols should remain a priority.
For administrators with affected endpoints, KB5065790 is worth testing now; for the majority of users who see none of the specified symptoms and plan to upgrade from 23H2 before November 11, 2025, the update is optional and can be deferred until the fixes arrive in a mainstream monthly cumulative update.

---

(If you deployed or plan to deploy KB5065790, document the exact .msu you installed, the target build reported by winver, and any driver or firmware versions changed during the rollout. That information is indispensable for troubleshooting and for safe rollback planning.)

---

Source: thewincentral.com Windows 11 23H2 update KB5065790 available. Download Link.