Navigation section

Windows 11 25H2 Regressions: DRM Playback and WUSA Install Issues

  • Thread Author
Microsoft has acknowledged multiple early regressions tied to the September servicing cycle even as Windows 11 version 25H2 begins rolling out, with two confirmed, actionable issues: a DRM/HDCP playback regression that can break Blu‑ray/DVD and some digital‑TV applications, and a separate WUSA (.msu) installation bug that can fail when installing updates from a network share containing multiple .msu files.

Illustration of Windows 11 25H2 regressions, featuring bugs and release notes.Background / Overview​

Windows 11 version 25H2 is being distributed as an enablement package layered on top of the 24H2 servicing stream rather than a ground‑up kernel release. That means many of the binaries are already present in 24H2 and the September servicing cadence (including preview updates published late August and September) carried changes that produced two narrow but painful regressions for specific scenarios. Microsoft has documented the protected‑playback problem in its Release Health / Microsoft Support notes and marked it as a known issue; a targeted remediation was staged to the Release Preview channel. Microsoft also described the WUSA/.msu network‑share failure and offered mitigations for managed environments while rolling out a fix via Known Issue Rollback for many devices. (support.microsoft.com)
Why this matters: for most everyday users who consume streaming video or use modern UWP/browser DRM paths, the regressions are invisible. For specific user groups—home‑theater PC owners, Blu‑ray collectors, broadcast/tuner users, kiosk/digital‑signage systems, and some IT deployment workflows—the impact can be directly service‑affecting. Community reporting and support threads show the same symptoms repeated across multiple environments, which is why Microsoft promoted a fix through Release Preview rather than a full rollback.

What Microsoft confirmed (the facts)​

  • Problem 1 — Protected playback failure in some Blu‑ray/DVD/Digital TV applications: Microsoft confirmed that after installing the August 29, 2025 preview update (KB5064081) or the September 9, 2025 cumulative update (KB5065426, OS Build 26100.6584), some applications that rely on the legacy Enhanced Video Renderer (EVR) with HDCP enforcement or platform DRM for digital audio may fail to play protected content. Symptoms include copyright‑protection errors, frequent interruptions, freezing, or black screens. Microsoft says streaming services using modern DRM pipelines were not broadly affected. Microsoft has staged a remediation to Release Preview (small preview update, KB5065789) and lists the issue on its known‑issues page. (learn.microsoft.com)
  • Problem 2 — WUSA (.msu) installation failures from network shares: Microsoft also confirmed an issue where the Windows Update Standalone Installer (WUSA) may return ERROR_BAD_PATHNAME when attempting to install .msu packages from a network share that contains multiple .msu files. The behavior was traced to updates released on or after May 28, 2025 (beginning with KB5058499). Microsoft mitigated the problem for many consumer and non‑managed business devices using Known Issue Rollback (KIR) and advised managed environments to apply the KIR Group Policy or copy .msu files locally as a workaround. Independent reporting and community threads corroborate this guidance. (support.microsoft.com)
These are Microsoft’s official positions; timeline and KB identifiers are verified in Microsoft Support/Release notes and public Q&A entries. (support.microsoft.com)

Technical nuts and bolts: why these specific failures occurred​

EVR, HDCP, DRM — a brittle chain​

Protected playback in Windows historically relies on an end‑to‑end chain that includes the application, the platform DRM stack, the renderer (EVR in many legacy apps), GPU drivers, and the display (HDCP). This chain is intentionally conservative: if the platform cannot establish a trusted protected path, playback is designed to “fail closed” to satisfy content licensing rules. A servicing change that hardened or altered parts of this handshake can therefore break otherwise‑functional players if the legacy EVR path or a vendor driver does not match the tightened expectations. That exact interaction is what Microsoft cites as the cause of the playback regressions, and independent explainers in community forums and trade outlets echo that technical diagnosis. (techradar.com)

WUSA and .msu handling​

WUSA uses the Windows Update Agent API to extract and install update packages (.msu). The reported ERROR_BAD_PATHNAME behavior only appears when an administrator runs WUSA or double‑clicks an .msu from a network share that contains multiple .msu files in the same directory. The presence of several .msu files apparently confused the installer’s path resolution or validation checks introduced or altered by the May/June servicing changes, producing the error. Microsoft’s short‑term recommendation for those who rely on WUSA is to copy .msu files to a local path before installing or use the Known Issue Rollback policy for managed devices. (bleepingcomputer.com)

Who is affected — scope and impact​

  • Affected (high‑impact, narrow population)
  • HTPC users who play physical Blu‑ray/DVD discs in legacy desktop players using EVR.
  • Digital TV/tuner capture apps and broadcast ingest tools that rely on the OS protected rendering paths.
  • Kiosks, digital signage, and lecture‑capture systems tied to legacy protected pipelines.
  • IT shops that deploy .msu files via WUSA from network shares containing multiple .msu files.
  • Not broadly affected
  • Consumers who primarily use streaming services and modern browser/UWP applications: these generally use their own DRM stacks or modern renderers (IMFMediaEngine/SVR) and were not widely reported as impacted.
  • Typical home users who receive automatic cumulative updates via Windows Update (many of whom were protected by Microsoft’s staging and KIR mechanisms).
Community forums and aggregated thread archives document multiple real‑world reproductions of the symptoms—black frames, copyright errors, and WUSA path errors—so this is not an isolated anecdote.

Mitigations and workarounds (practical, step‑by‑step)​

If you rely on affected playback or you manage update deployments, here are prioritized, practical mitigations.

For consumers and HTPC users (Blu‑ray/DVD/tuner playback)​

  • Pause installing the optional preview updates (KB5064081) and defer the September cumulative update if you use EVR‑based players for protected playback. Test before broad deployment.
  • If you have already installed the implicated updates and see playback failures:
  • Install the Release Preview remediation (the small preview fix Microsoft staged, KB5065789) in a test environment first to validate your specific player. Microsoft reports the fix has been staged to Release Preview; the official Support entry shows the playback problem is partially addressed in that build. (support.microsoft.com)
  • Try alternate playback software that uses modern Media Foundation APIs or browser‑based players that manage DRM internally.
  • Use a standalone hardware Blu‑ray player or an unaffected device as a short‑term fallback.
  • Keep GPU and display drivers up to date. Vendor drivers are a common weak link in the protected playback chain; coordinate with GPU/OEM support pages for validated driver versions.

For IT admins and enterprise deployments (WUSA / .msu)​

  • If you deploy .msu files from network shares, copy the .msu packages to a local folder on the target machine before running WUSA; this bypasses the network‑share path parsing issue.
  • Apply Microsoft’s Known Issue Rollback Group Policy if you manage environments where KIR is required to mitigate the behavior centrally; Microsoft has released guidance for managed devices. (bleepingcomputer.com)
  • Consider using alternative deployment methods for servicing offline or air‑gapped systems: extract the .msu and deploy the contained .cab via DISM or use your favored patch‑management tooling.
  • Monitor the Windows Release Health page and OEM advisories; Microsoft stages fixes to Release Preview for validation prior to broad rollout. (support.microsoft.com)

Timeline and confirmations (what we validated)​

  • May 28, 2025 — Microsoft published preview update KB5058499 (OS Build 26100.4202). Issues stemming from updates released on or after this flight were later implicated in the WUSA/.msu problem. (support.microsoft.com)
  • August 29, 2025 — Non‑security preview update KB5064081 was published and community testers first reported DRM playback regressions after this preview.
  • September 9, 2025 — Cumulative update KB5065426 (OS Build 26100.6584) consolidated the servicing changes and reproduced the playback problems in production environments.
  • Mid–late September 2025 — Microsoft acknowledged the EVR/DRM regression publicly on Windows Q&A and the Release Health/Support pages and staged a targeted fix to Release Preview (KB5065789). Microsoft’s Release Preview and support notes list the protected‑playback issue and indicate a partial resolution in the preview fix. (learn.microsoft.com)
  • Microsoft also documented the WUSA ERROR_BAD_PATHNAME symptom and advised the workaround of copying files locally; mitigations for many consumer devices were rolled out via KIR, while managed customers were given a KIR Group Policy option. (bleepingcomputer.com)
Where dates, KB numbers, and build numbers are quoted above, they have been cross‑checked against Microsoft Support pages and the Release Preview blog posts. (support.microsoft.com)

Critical analysis — what this episode reveals about Windows servicing​

Strengths: staged rollout and surgical fixes​

Microsoft’s layered servicing model—preview builds, Release Preview validation, and Known Issue Rollback—worked as intended to limit broad damage. Rather than rolling back large security hardenings, Microsoft prepared a surgical remediation (KB5065789) and validated it in Release Preview first. For the WUSA problem, KIR allowed Microsoft to mitigate many consumer cases automatically without forcing enterprises through emergency patches. These are risk‑mitigation patterns that reduce blast radius compared with a full rollback of security updates. (support.microsoft.com)

Weaknesses: backward compatibility cost and test surface fragmentation​

However, the recurrence of regressions in legacy media paths underscores a persistent fragility: decades‑old APIs and renderers like EVR remain in real use and are easy to break when the platform tightens security or adjusts initialization sequencing. That fragility is compounded by a fragmented driver and middleware ecosystem (GPU drivers, audio middleware, tuner vendors), making complete pre‑release validation extremely challenging. The practical result is a trade‑off between improving security and preserving long‑tail compatibility; here, the security‑first changes produced legitimate user pain.

Risks to watch​

  • Residual breakage even after the Release Preview repair: because the protected path touches GPU drivers and firmware, mismatched driver versions could leave some users still blocked until vendor drivers are updated or validated.
  • Enterprise operational impact: organizations that depend on protected playback (training, compliance, broadcast ingest) may face downtime if they adopt updates without pilot testing.
  • Perception and trust: blocking playback of legitimately purchased content creates outsized frustration for affected households and hobbyists, and can drive heavy support demand.
Where Microsoft has not published full, low‑level root‑cause technical detail, vendors and admins must rely on staged fixes and hands‑on validation. Until a public post‑mortem appears, some environmental specifics remain necessarily partially unverifiable—treat those details cautiously and validate in your own lab before mass deployment.

Recommendations — short and long term​

For home users and hobbyists​

  • If you use a third‑party Blu‑ray/DVD player, HTPC, or TV tuner app: pause optional/unnecessary updates for a week or two until Microsoft confirms the fix has reached the general channel for your device. Test playback after any update.
  • Keep drivers current: check GPU and display firmware pages from the OEM, and install driver updates after you validate they are compatible with the patched OS build.
  • Use a hardware Blu‑ray player or alternate device if you need guaranteed playback immediately.

For IT admins and enterprises​

  • Expand your pre‑deployment test matrix to include legacy workflows: physical‑media playback, tuner/capture pipelines, EVR/DirectShow paths, and NetBIOS/SMBv1 fallbacks.
  • Apply the Known Issue Rollback policy where guided by Microsoft for managed devices and monitor Release Health telemetry before mass deployment. (bleepingcomputer.com)
  • For .msu deployments, change the default process: stage .msu files on a local share or local folder on target machines or use DISM to deploy the extracted .cab packages.
  • Run a small pilot that mimics production hardware (GPU, video capture, tuner cards) before broad rollouts and maintain tested rollback plans.

What remains uncertain (and what to watch next)​

  • Exact timeline for broad availability of the EVR playback fix in the general channel: Microsoft staged KB5065789 to Release Preview and described it as a partial resolution; the date for full inclusion in cumulative updates depends on validation telemetry and vendor coordination. Administrators and consumers should watch the official Windows Release Health and Support pages for the general‑channel release notice. (support.microsoft.com)
  • Comprehensive vendor responses: although Microsoft’s repair addresses the platform component, some GPU and capture drivers may still require updates. Confirm with OEM and capture‑card vendors whether they’ve validated the Release Preview fix against their drivers.
Any claims about complete resolution across all hardware configurations would be premature until the fix propagates widely and vendors confirm compatibility; treat such statements with caution and validate in your environment before wide deployment.

Conclusion​

Windows 11 version 25H2’s initial rollout highlights two important realities of modern OS servicing: improvements and security hardenings often ripple through decades of legacy APIs, and staged fixes (Release Preview, KIR) are Microsoft’s preferred mitigation strategy to limit mass disruption. For most users the regressions are contained and avoidable, but for AV‑heavy households, HTPC enthusiasts, broadcast operators, and admins who deploy .msu packages from network shares, these issues are material and require immediate mitigation steps—either by delaying the implicated updates, applying Microsoft’s staged fixes in a pilot, or using the practical workarounds described above. Microsoft’s public notes and staged fixes confirm the problem and the path to remediation, but until the fixes land broadly and vendors validate drivers, cautious testing remains the best practice.
Source: Windows Central Windows 11 version 25H2 has only just launched, but there's already issues to be aware of
 

Click to expand...
You must log in or register to reply here.
Back
Top