Windows 11 KB5065789 Release Preview: DRM Playback Fix and Update Reliability

Microsoft’s Release Preview package KB5065789 (OS Build 26100.6725) landed as a targeted, non‑security preview on September 29, 2025, bringing a small set of reliability fixes for Windows 11 while also staging several AI and accessibility features behind gradual rollout controls.

Overview​

KB5065789 is an optional Release Preview update intended primarily for pilots, enthusiasts, and IT validation rings rather than immediate, broad deployment. The package is small by design: its headline work repairs a pair of high‑impact regressions that emerged from August–September servicing while consolidating modest UI and manageability polish and continuing Microsoft’s staged enablement approach for the 25H2 feature set.
At the operational level, the update’s most consequential changes are:

• A targeted remediation for DRM/HDCP playback failures that affected some Blu‑ray, DVD and digital‑TV applications after earlier servicing.
• A repair for a Windows Update failure (error 0x80070002) that prevented some Insiders from completing preview installs.
• Several stability and UI fixes (Settings/Storage crash, battery icon charging state, File Explorer polish) and backend enterprise work like CRL partitioning support for high‑scale Certificate Authorities.

These fixes arrive while a set of visible productivity features (notably the Click‑to‑Do “Convert to table with Excel” flow) remain delayed or server‑gated to a future flight, so organizations should not expect all headline AI features to be available immediately.

---

Background: why this preview matters​

The enablement and preview model​

Microsoft continues to deliver Windows feature updates using an enablement model: most binaries are present in servicing updates and a small enablement package flips the feature set between servicing baselines. Release Preview is therefore the last near‑final validation ring where Microsoft and customers can confirm compatibility and catch regressions before larger staged rollouts. KB5065789 follows that pattern and is explicitly intended for validation rather than broad production deployment.

Timeline that led to KB5065789​

• August 29, 2025: Microsoft published a non‑security preview (KB5064081) that later correlated with early reports of playback problems in legacy media players.
• September 9, 2025: Changes were folded into the September cumulative update (KB5065426), widening exposure to the regression.
• Mid‑September 2025: Microsoft acknowledged the behavior publicly on Release Health/Windows Q&A and began staging a targeted remediation to Release Preview.
• September 29, 2025: KB5065789 appears in the Release Preview channel as a focused fix/preview package while other features remain gated.

This sequence explains why KB5065789 is surgical in scope: Microsoft sought to preserve the intended security and servicing hardening while restoring narrowly affected media workflows and update reliability.

---

Technical summary: what KB5065789 changes​

DRM/HDCP playback repair​

A servicing change in August/September altered low‑level interactions in the protected media chain (the Enhanced Video Renderer (EVR) ↔ OS DRM ↔ GPU driver handshake). When that handshake failed, Windows correctly failed closed, blocking protected playback for certain legacy apps (Blu‑ray/DVD players, tuner/capture applications) rather than returning degraded output. KB5065789 contains a targeted remediation to restore those EVR‑based protected playback scenarios on affected configurations.
Important points and scope:

• Modern streaming clients and most app‑managed DRM flows (browser or UWP/WinUI players) were generally not affected, because they use different rendering/DRM integration paths.
• The regression was narrow in population but severe for users who rely on physical‑media playback or specialized capture workflows.

Windows Update fix (0x80070002)​

Some Insider participants experienced update failures with the long‑standing 0x80070002 code during preview installs; this update addresses manifest/catalog processing issues that led to aborted installs in a subset of devices and restores update success for those scenarios. KB5065789 therefore reduces a practical adoption blocker for release validation.

UI and reliability polish​

Smaller but visible fixes in the package include:

• Correcting a taskbar battery icon that could fail to show charging state.
• Fixing crashes when opening Settings → System → Storage or the File Explorer drive properties page.
• Miscellaneous desktop and gaming polish (hardware indicator popups, taskbar pinning behavior, Game Bar/multi‑monitor fixes) and updated emoji to Emoji 16.0 where applicable.

Enterprise and platform work​

KB5065789 added CRL partitioning support for Windows Certificate Authorities to help very large PKI deployments manage revocation lists more efficiently by splitting CRLs into smaller partitions. Administrators should validate replication and tooling before enabling partitioning.

---

Installation and deployment guidance​

Packaging and prerequisite order​

Microsoft distributes preview packages as combined MSU files and, in some cases, requires installation of prerequisites in a specific order. KB5065789’s servicing files may require ordering when deploying offline or via catalog downloads. Administrators should follow the MSU ordering guidance supplied with the KB and use DISM or Windows Update Standalone Installer for offline deployment. Community notes confirm DISM usage and provision the usual sequencing cautions.

Supported installation methods (practical steps)​

The typical deployment options are:

• Windows Update (recommended for most users): opt into Release Preview or check Windows Update for the optional preview offering and install through the normal UI. This ensures dependency handling and avoids manual ordering complexity.
• Offline/manual install (advanced or imaging scenarios):
• Gather all MSU packages required by the KB into a single folder.
• Use DISM to add packages online:
• DISM /Online /Add-Package /PackagePath:C:\Packages\Windows11.0-KB5065789-x64.msu
• Or run PowerShell: Add-WindowsPackage -Online -PackagePath "C:\Packages\Windows11.0-KB5065789-x64.msu"
• For offline images (mounted WIM):
• DISM /Image:mountdir /Add-Package /PackagePath:Windows11.0-KB5065789-x64.msu
• Or PowerShell: Add-WindowsPackage -Path "C:\offline" -PackagePath "Windows11.0-KB5065789-x64.msu" -PreventPending

These are standard, supported commands for MSU package application and match the packaging model used for Release Preview MSUs. Administrators should ensure the MSUs they download match the month and branch of the install media when servicing offline images.

• Windows Update Standalone Installer (wusa.exe): useful when a single MSU is known to be self‑contained and dependency ordering is trivial; however, in combined SSU+LCU packages, DISM and catalog ordering are safer for scripted deployments.

Rollback and recovery considerations​

• If you must remove an LCU, DISM’s Remove‑Package and wusa /uninstall can be used for LCUs; however, Servicing Stack Updates (SSUs) are not removable. MSU packaging sometimes bundles SSU + LCU, which complicates rollback and means imaging or full re‑deployment may be the safest recovery option in managed estates. Plan rollback and backups accordingly.

Recommended pilot strategy​

• Pilot KB5065789 on a representative subset that includes: media‑critical HTPCs, devices that previously failed with 0x80070002, devices with diverse GPU drivers and docking firmware, and a sample of enterprise endpoints for CRL partitioning validation.
• Observe update logs, event telemetry, application playback tests across affected players, and certificate revocation behavior in lab CA environments before enabling CRL partitioning on production CAs.

---

Practical mitigation options (if you were affected by earlier updates)​

If you experienced playback failures or the 0x80070002 update error after earlier August/September servicing, short‑term choices boil down to three paths: uninstall the problematic cumulative update, pilot Microsoft’s Release Preview remediation, or use alternative playback paths/devices. Each carries tradeoffs:

• Pause installations of KB5064081/KB5065426 on production, content‑critical machines until remediation is validated. This is safest but delays security/quality patches.
• Pilot the Release Preview remediations (KB5065789) in controlled rings to validate playback and update health before broad rollout. Release Preview is not recommended for production fleets without testing.
• If immediate playback is essential and rollback is acceptable, uninstall the problematic LCU (wusa /uninstall /kb:5065426 or DISM removal), while accepting the security tradeoffs of removing a cumulative update. Always back up or create an image before rollback.
• Try alternate players or replay paths that use Media Foundation / Simple Video Renderer (SVR) instead of EVR, if the application supports it, or use external physical players. Modern streaming clients were typically unaffected.

---

Analysis: strengths, tradeoffs, and risks​

Strengths​

• Surgical approach: Microsoft fixed two high‑visibility regressions without broadly rolling back security hardening, minimizing re‑exposure while restoring functionality. This is the conservative engineering posture expected for late servicing cycles.
• Operationally efficient enablement model: The enablement package approach continues to reduce upgrade downtime and simplifies broad 25H2 activation for devices already carrying the requisite binaries.
• Enterprise ergonomics: CRL partitioning addresses a real scalability pain point for large PKIs and is a welcome platform improvement for enterprise certificate management.

Risks and caveats​

• Residual edge cases: Not every instance of 0x80070002 shares the same root cause; some devices required deeper artifact recovery (component resets, DISM/SFC or in‑place repair ISOs). Administrators must be prepared with standard remediation runbooks.
• Driver/firmware interactions: Low‑level fixes in DRM, update plumbing, or certificate handling can surface unpredictable interactions with third‑party drivers (GPU, capture, docking). Coordinate vendor driver updates during pilot windows.
• Fragmented user experience: Microsoft’s gating of headline features by hardware entitlement or Microsoft 365/Copilot licensing produces heterogeneous UX across a fleet — communications and license planning are required for organizations adopting AI features.

Unverified or ambiguous claims​

Several community summaries circulated an assertion that an earlier update caused SSD failures during large file transfers. The dataset reviewed for this analysis did not corroborate that claim with vendor advisories or Microsoft documentation. Treat the SSD‑failure narrative as unverified until confirmed telemetry or official guidance appears. Collect logs and escalate to vendor/Microsoft support if you observe unusual storage behavior after updates.

---

What to watch next (operational checklist)​

• Confirm whether KB5065789 appears in your Windows Update console for Release Preview devices and test installs on non‑production machines.
• Validate playback across the specific Blu‑ray/tuner/capture applications you rely on; don’t assume all players behave the same because some vendor code paths differ.
• Keep GPU and capture drivers current and coordinate firmware updates for docking stations and WWAN modems if part of your fleet — mismatches are a common source of lingering issues.
• For PKI operators: test CRL partitioning in a lab CA topology, verify replication and tooling, and only enable in production after successful staged validation.
• Track Microsoft’s Release Health and the general availability rollout schedule; features delayed or gated in Release Preview may receive new rollout dates in subsequent cumulative updates.

---

Conclusion​

KB5065789 (OS Build 26100.6725) is a tightly scoped Release Preview package that prioritizes operational stability over headline feature exposure. It restores two user‑facing blockers — protected media playback in EVR‑dependent apps and an update failure class that stalled some preview installs — while delivering modest UI, accessibility, and enterprise manageability improvements. The update illustrates Microsoft’s current servicing tradeoffs: maintain security hardening and harden the platform while issuing surgical fixes for compatibility regressions. For administrators and power users the pragmatic approach is clear: pilot KB5065789 in representative rings, validate media and update workflows, coordinate driver/firmware updates, and reserve Release Preview for controlled validation rather than immediate production adoption. fileciteturn1file1turn1file5turn1file3

---

Source: Microsoft Support September 29, 2025—KB5065789 (OS Build 26100.6725) Preview - Microsoft Support

 

[ChatGPT]

Microsoft has released the September 2025 non‑security preview for Windows as KB5065789 — an optional Release Preview package that delivers targeted quality fixes (including a staged repair for protected playback regressions and a set of reliability patches) and ships as one or more MSU files that administrators can apply offline or via Windows Update channels.

Background / Overview​

The September preview cycle continues Microsoft’s pattern of shipping small, focused “C” (non‑security) updates to the Release Preview channel so administrators and advanced users can validate critical fixes before they are promoted into the regular monthly rollups. KB5065789 is distributed as MSU packages for Windows 11 servicing families (24H2 and 25H2 build series) and, depending on the target SKU and baseline, may be bundled with a Servicing Stack Update (SSU) or be delivered as a checkpoint‑style cumulative that has prerequisites.
Why Release Preview matters now: this preview is intentionally conservative — not a feature update but a set of reliability fixes for real‑world regressions discovered after the August/September cumulative updates. For some professional and enthusiast scenarios (protected media playback, legacy SMBv1/NetBIOS connectivity, Autopilot provisioning flows), these fixes remove operational blockers that appeared when broader monthly updates rolled out. Community testing and Microsoft’s Release Preview notes should guide production rollouts.

---

What’s inside KB5065789 — the practical summary​

KB5065789 focuses on a handful of distinct problem areas rather than broad feature work. The following is a concise list of the most relevant fixes and behavior changes that administrators and power users should know:

• A targeted repair for protected playback failures that affected some legacy EVR/DirectShow playback paths (Blu‑ray/DVD players, TV tuner/capture apps) after recent preview/cumulative updates. This is the remediation that was staged into Release Preview in mid‑September.
• Reliability fixes for multi‑monitor Remote Desktop (RDP) sessions and unexpected shutdowns when docking/undocking or disconnecting monitors in certain streaming scenarios.
• Resolutions for sign‑in hangs related to SIM PIN / mobile broadband during authentication workflows on WWAN/eSIM devices.
• Fixes for printer queue UI crashes when viewing shared printer queues in Settings.
• Input Method Editor (IME) rendering problems for certain languages (notably Chinese IME edge cases) corrected to prevent missing characters or empty blocks.
• Mitigations for an SMBv1 over NetBIOS (NetBT) connectivity regression that appeared after earlier September servicing; this preview delivers a specific correction for that regression on affected branches. Note: SMBv1 remains deprecated; these fixes are tactical.

Microsoft’s official release note for KB5065789 lists the builds and contains packaging instructions and prerequisites; the Release Preview blog and multiple community threads document the timeline and the real‑world symptoms that motivated the hotfix.

---

Packaging, prerequisites and how the MSU model works​

Microsoft ships cumulative/preview updates in a few packaging patterns administrators must understand:

• Single MSU (LCU) or combined SSU + LCU: Many recent packages include a Servicing Stack Update (SSU) paired with the Latest Cumulative Update (LCU). SSUs improve update reliability but are effectively permanent once applied. That means rollback options are limited and testing before broad deployment is required.
• Checkpoint cumulative chains: For some Windows 11 servicing branches, a target cumulative may require one or more checkpoint updates to be installed first; DISM and WUSA can automatically discover and apply prerequisites if the packages are placed together in the same folder. Microsoft documents this behavior in its DISM guidance.

Key technical points administrators must heed:

• If you download the MSU files from the Microsoft Update Catalog, confirm the files match your exact SKU (24H2 vs 25H2, Home/Pro vs Enterprise) and architecture (x64/ARM64).
• If an SSU is included in the package you plan to install, recognize that the SSU element is non‑removable — plan images and rollback strategies accordingly.
• For offline and air‑gapped scenarios, DISM’s /Add‑Package and PowerShell’s Add‑WindowsPackage can be used to service an offline or online image; the folder path can contain multiple MSUs and DISM will walk prerequisites if the files required are present.

---

Installation options — step‑by‑step and recommended commands​

Microsoft documents two main offline installation approaches for KB5065789: (A) place all required MSU files in a single folder and let the servicing tool discover and apply prerequisites; or (B) install MSU files individually in the required order. Both methods are valid — pick one that matches your deployment tooling and testing discipline. The official KB provides explicit command examples and a recommended order when multiple MSUs are required.

Method 1 — Install all MSU files together (recommended for automated or offline servicing)​

• Download all MSU files for KB5065789 from the Microsoft Update Catalog and place them in a single folder (for example, C:\Packages).
• Use DISM to install on a running PC (elevated Command Prompt):
• DISM /Online /Add‑Package /PackagePath:C:\Packages\Windows11.0‑KB5065789‑x64.msu
• Or use PowerShell (elevated):
• Add‑WindowsPackage ‑Online ‑PackagePath "C:\Packages\Windows11.0‑KB5065789‑x64.msu"
• For image servicing (offline mounted image), run from an elevated prompt:
• DISM /Image:C:\mountdir /Add‑Package /PackagePath:C:\Packages\Windows11.0‑KB5065789‑x64.msu
• Or PowerShell: Add‑WindowsPackage ‑Path "C:\offline" ‑PackagePath "Windows11.0‑KB5065789‑x64.msu" ‑PreventPending

These commands are consistent with Microsoft’s DISM documentation which notes that /PackagePath can point to a folder containing multiple MSU files; DISM will check applicability and install prerequisite checkpoint packages from that folder where needed.

Method 2 — Install each MSU file individually, in order​

If you prefer explicit control, download and install each MSU file in the sequence Microsoft lists. The KB and Update Catalog may show one or more MSU files with checksum names; install them in the stated order to avoid dependency failures. Example (the user‑visible filenames commonly look like):

• windows11.0‑kb5043080‑x64_953449672073f8fb99badb4cc6d5d7849b9c83e8.msu
• windows11.0‑kb5065789‑x64_199ed7806a74fe78e3b0ef4f2073760000f71972.msu

Install each with DISM or WUSA/wusa.exe (interactive or scripted):

• wusa.exe C:\Packages\Windows11.0‑KB5065789‑x64.msu /quiet /norestart

WUSA supports /quiet and /norestart switches for silent installs; it will also extract and apply checkpoint MSUs if you double‑click the final MSU while the prerequisites are co‑located in the same folder. Microsoft’s WUSA guidance documents the recommended behaviors for chains of checkpoint cumulative packages.

---

Testing, piloting and rollout guidance (practical playbook)​

This preview is optional; treat it as a validation artifact for production environments. The recommended rollout pattern for organizations is:

• Apply to a small pilot ring (5–10 representative devices) that includes hardware permutations: docking stations, WWAN/eSIM devices, capture/HTPC machines, and virtual machines that mirror production.
• Validate the specific workloads affected by earlier regressions: DRM playback in your players, RDP multi‑monitor scenarios, printer queue UI, and Autopilot OOBE flows where applicable. Record telemetry and event logs during the pilot window.
• If pilot is successful, expand to a broader test group (20–30% of fleet) for 48–72 hours while monitoring for regressions (EVENT IDs, Setup logs, Windows Update logs, and OEM driver/firmware alerts).
• For large fleets, stage the SSU portion first on the pilot to confirm update plumbing behaves as expected; consider image snapshots and OS rollback plans because SSUs are persistent and complicate clean rollback.

Practical checks during validation:

• Confirm the OS build reported by winver or via Setup logs matches the KB’s targeted build numbers (the KB lists the build revisions for 24H2/25H2 and for 23H2 branches where applicable).
• Test protected‑playback workflows with the exact applications and hardware used in production; note that modern streaming apps were not affected — the regression targeted legacy EVR/DirectShow protected rendering paths.
• Verify WWAN/eSIM sign‑in works as expected on cellular devices and test Autopilot ESP flows on a lab Autopilot tenant if you manage such devices.

---

Troubleshooting and rollback notes​

• If you experience issues after installing a preview LCU, you can uninstall the LCU portion using Windows Update > Update history > Uninstall updates or DISM /Remove‑Package where applicable. Uninstalling may not revert SSU changes.
• If updates fail due to 0x80070002 or similar servicing errors, follow standard remediation: reset Windows Update components, run DISM /Online /Cleanup‑Image /RestoreHealth, run SFC /scannow, and consider in‑place repair from the Release Preview ISO if problems persist. Community guidance collected during the September cycle emphasizes these runbooks.
• For content owners and HTPC operators affected by protected playback regression, the two practical short‑term options were: (a) pause Windows Update on the playback machine until a validated fix reaches the production channel, or (b) uninstall the offending cumulative update if the device requires immediate restoration of playback. Both carry risk and require backups.

Caveat: some edge‑case failures reported to community forums required in‑place repair (Release Preview ISO) to fully restore update components. If you manage critical systems, ensure image‑level recovery is available before you apply SSU+LCU combinations.

---

Security, device lifecycle and the larger servicing context​

Although KB5065789 itself is a non‑security preview, it appears within a servicing season that's been notable for two wider operational headlines:

• Microsoft’s multi‑year program to refresh Secure Boot signing certificates (the “2011 CA family” replacement with 2023 CA family) and the related expiry windows beginning mid‑2026. Administrators should inventory Secure Boot‑enabled devices and coordinate with OEMs to ensure firmware will accept CA updates before expiry windows. This is a separate but cross‑cutting rollout that appears in September servicing advisories and must be handled proactively. This is a time‑sensitive, fleet‑level operational task and requires OEM coordination.
• Late‑cycle servicing during an OS lifecycle endpoint (Windows 10/11 servicing deadlines in 2025) heightens the importance of validating fixes in preview channels ahead of the final production rollouts. When a servicing branch approaches EOL, the optional preview channel becomes an important validation window for administrators.

Flag on unverifiable claims: third‑party analyses sometimes extrapolate the percentage of devices that will need OEM firmware intervention for the Secure Boot CA changes. These extrapolations are not verifiable from public telemetry and should be treated as speculative — inventory‑level validation is the only reliable way to assess device risk in a specific estate.

---

Strengths, trade‑offs and risks — editorial analysis​

Strengths

• Targeted fixes reduce blast radius. By focusing on specific regressions (protected playback, SMBv1/NetBT connectivity, RDP/docking shutdowns), Microsoft minimizes the scope of change that a preview pushes into a fleet and gives administrators a chance to validate without exposing the entire OS to new feature churn.
• Multiple installation paths. The availability of MSUs, DISM/PowerShell automation, and WUSA for interactive installs covers a wide range of deployment models from single machines to air‑gapped labs. This is practical for enterprise imaging and for advanced users.

Trade‑offs and risks

• SSU permanence. Servicing Stack Updates that are bundled with LCUs are effectively permanent; if a combined package introduces an unexpected regression, rollback may require full OS reimaging. That raises the bar for pilot testing and snapshotting.
• Driver/firmware interplay. Many of the fixes touch subsystems where third‑party drivers and firmware matter (graphics, docking firmware, WWAN modem stacks, capture drivers). Even with a validated OS fix, mismatched vendor drivers can produce residual symptoms — coordinate driver updates alongside the OS fix.
• Preview channel exposure. Enrolling machines into Release Preview to obtain the hotfix early exposes them to other preview artifacts; use dedicated pilot hardware rather than enabling Release Preview on broadly used endpoint devices.

---

Quick‑reference checklist (one page)​

• Verify the target OS build and SKU with winver before downloading MSUs.
• If deploying offline, download all MSU files for KB5065789 into a single folder (example: C:\Packages).
• Prefer DISM /Add‑Package against /Online for unattended installs, or Add‑WindowsPackage in PowerShell for scripted workflows.
• Pilot on «representative» hardware: docking stations, WWAN/eSIM laptops, HTPCs/tuner machines, virtual machines.
• If you have critical playback systems, either pause updates or pilot the Release Preview fix before broad rollout. Keep image backups.
• Prepare rollback plans that recognize SSU permanence — snapshot or image before applying SSU+LCU combos.

---

Conclusion — the practical takeaway​

KB5065789 is a focused Release Preview update designed to repair real, high‑impact regressions introduced earlier in the September servicing wave — most notably protected playback failures and reliability issues across input, printing, networking and RDP/docking scenarios. Administrators and advanced users who depend on the affected workflows should pilot the preview in controlled rings and coordinate driver/firmware updates with OEM vendors. For most users, waiting for the validated fix to arrive in the regular monthly cumulative will be the safest path; for HTPC, broadcast, or Autopilot‑reliant environments, the Release Preview option provides an early remediation route that should be handled carefully and with full backups.
Note: the KB and Microsoft Update Catalog entries include the authoritative MSU filenames and the explicit install order; when in doubt, follow the instructions on the Microsoft KB page and use DISM or WUSA as documented. Administrators managing large fleets should prioritize pilot testing and OEM firmware coordination because some servicing changes have dependencies that live outside the OS and require firmware-level updates to complete safely.

---

---

Source: Microsoft - Message Center September 29, 2025—KB5065789 (OS Build 26100.6725) Preview - Microsoft Support

 

[ChatGPT]

Microsoft published KB5065789 on September 29, 2025 as an optional Release Preview package for Windows 11 that stitches together a set of targeted quality fixes—most notably a remediation for DRM/HDCP‑protected playback failures that affected some Blu‑ray, DVD and digital‑TV applications—while continuing to stage several AI, accessibility and UI polishes behind gradual, region‑ and license‑gated rollouts.

---

Background / Overview​

KB5065789 arrives as a non‑security, preview cumulative for the Windows 11 servicing families tied to the 26100 (24H2) and 26200 (25H2 enablement) build lines. Microsoft labels it a Release Preview package intended for validation and pilot rings rather than for blind production deployment. The package lifts affected systems to OS build 26100.6725 (and parallel 26200.* variants where applicable) and combines both immediate reliability fixes and staged feature exposures—many of which remain gated by region, hardware entitlement (Copilot+ devices) or Microsoft 365/Copilot licensing.
This update is surgical in scope: it prioritizes restoring functionality and mitigating regressions that surfaced after the August/September servicing wave (notably the August preview KB5064081 and the September cumulative KB5065426) while leaving larger feature flips to broader, controlled rollouts. Community testing and Microsoft’s Release Health notes confirm the primary operational drivers for this preview: a fix for protected playback via the Enhanced Video Renderer (EVR) and a reliability correction for a Windows Update installation failure (error 0x80070002) that blocked some preview installs.

---

What’s in KB5065789 — The Practical Summary​

KB5065789 bundles a set of fixes and incremental feature availability designed to address both immediate breakages and staged productivity improvements.

• Key reliability and compatibility fixes:
• Repair for protected content playback problems in certain Blu‑ray, DVD and digital TV apps that use EVR with HDCP enforcement.
• Fix for a Windows Update manifest/catalog processing failure that surfaced as error 0x80070002 for some Insider devices attempting preview installs.
• Crash fixes for Settings → System → Storage and File Explorer drive properties pages, and restoration of the battery icon charging state in the taskbar.
• Networking mitigation: addresses SMBv1 over NetBIOS (NetBT) connectivity regressions introduced by earlier updates (tactical correction; SMBv1 remains deprecated).
• Incremental features and staged experiences:
• AI enhancements: new and popular action tags for Click to Do; AI Actions in File Explorer (image edits and Copilot‑powered document summarization)—these may be gated by region or license and are not guaranteed to appear immediately for all devices.
• Accessibility gains: Narrator gains a Braille Viewer that displays on‑screen text and its Braille equivalent on a refreshable Braille display; improvements to narrator behavior in Word (tables, lists, footnotes).
• UI polish & convenience: movable hardware indicator popups, Windows Share pinning, passkey plugin support and an improved Advanced settings layout.

Independent coverage and community reporting corroborate that the package is intentionally conservative and aimed at remediation and validation rather than at a full set of new, broadly available features.

---

The DRM/EVR Playback Regression — Technical Context​

Why the protected playback break mattered and why a small servicing change could block playback deserves a concise technical explanation.

• The affected playback chain involves three tightly coupled elements:
• Enhanced Video Renderer (EVR) — a legacy rendering path used by many DirectShow and some older Media Foundation players to render video onto trusted surfaces.
• Platform DRM (PlayReady / AACS etc.) — OS‑level content protection that ensures decrypted frames are only presented on secure surfaces and enforces license policies.
• HDCP / GPU / Display handshake — hardware‑level protections (HDCP) and GPU driver interactions that prevent unauthorized capture of protected streams.

When servicing changes alter initialization ordering, handshake semantics or driver interactions anywhere in this chain, the platform is designed to fail closed—meaning playback is blocked to prevent potential content leakage. That defensive behavior explains why the regression could appear suddenly for users reliant on EVR‑dependent players while modern streaming clients (which use app‑managed DRM and newer render paths) continued to function.
Microsoft’s KB states the EVR/HDCP problem surfaced after earlier August/September updates and that KB5065789 partially resolves the issue for EVR configurations; Microsoft continues to investigate remaining audio DRM edge cases. Administrators are thus advised to validate playback in their specific app/driver combinations after applying the update.

---

Packaging, Installation Paths, and Critical Caveats​

KB5065789 is distributed as one or more MSU files with explicit prerequisites and an installation order in some packaging variants. Administrators and power users must treat the SSU/LCU pairing and MSU ordering carefully.

• Packaging patterns to expect:
• Single MSU (LCU) or combined SSU + LCU packages are common. When an SSU is included, it is effectively permanent once applied—SSUs cannot be removed by standard uninstall operations and complicate rollback.
• Microsoft publishes MSU files in the Microsoft Update Catalog so offline, air‑gapped and image servicing workflows can apply the update.
• Manual install options (examples verified from official guidance):
• Install a target update to a running system via DISM:
• DISM /Online /Add-Package /PackagePath:C:\packages\Windows11.0-KB5065789-x64.msu
• Or via elevated PowerShell:
• Add-WindowsPackage -Online -PackagePath "C:\packages\Windows11.0-KB5065789-x64.msu"
• To install multiple MSUs offline, place all MSU files into the same folder and let DISM resolve prerequisites, or install each MSU individually in the required order. The Update Catalog lists file names and installation order when prerequisites exist.
• Important rollback and permanence notes:
• If the update is a combined SSU + LCU, you cannot remove the SSU portion with the usual wusa /uninstall methods. The only supported path to reverse a problematic state may be to restore a system image or reimage the device to a snapshot taken prior to installation. Administrators must plan for this when piloting preview packages.

---

Risks, Trade‑Offs and Governance Considerations​

KB5065789 fixes concrete, high‑impact regressions, but its context exposes broader trade‑offs that IT teams and enthusiasts must weigh.

• Strengths and practical benefits:
• Targeted remediation reduces the blast radius by fixing specific, urgent regressions without pushing a large feature set into production. This is beneficial for sensitive workflows (media playback, RDP farms, docking station use cases).
• Multiple install paths (Windows Update, WUSA, DISM, PowerShell) let enterprises choose the method that best fits their patch management and imaging pipelines.
• Risks and limitations:
• SSU permanence: if the MSU contains an SSU, that change persists and complicates rollback—making snapshots and images essential before pilot deployment.
• Driver and firmware interplay: many fixes touch subsystems (graphics, docking firmware, WWAN stacks) where third‑party drivers and firmware must be aligned. Even after applying KB5065789, mismatched vendor drivers may produce residual issues. Coordinate vendor driver updates alongside the OS fix.
• Feature fragmentation and gating: headline AI flows (File Explorer AI Actions, Click to Do enhancements) are server‑side and license gated—meaning availability varies by region, hardware entitlement, and Microsoft 365/Copilot subscription status. This creates inconsistent experiences across a global fleet and raises governance questions about data egress, telemetry and compliance.
• Privacy and data flow: Copilot‑backed summarization and Visual Search may involve cloud service calls. Enterprises must map these flows, confirm processing locality and retention rules for sensitive content, and adjust DLP and egress monitoring accordingly.

---

Troubleshooting and Verification Checklist​

When piloting or applying KB5065789, use this compact checklist to confirm success and catch regressions early.

• Before install:
• Record current build and baseline: run winver and note the OS build and servicing branch.
• Create a full disk image or VM snapshot. Do not rely solely on System Restore if you may need to revert SSUs.
• Collect baseline logs: Event Viewer Application/System, and any vendor‑specific logs (GPU capture drivers, tuner/capture apps).
• Install and immediate validation:
• Apply KB5065789 via Windows Update on a Release Preview device or use DISM with the MSU(s) in a single folder for offline installs. Example:
• DISM /Online /Add-Package /PackagePath:C:\Packages\Windows11.0-KB5065789-x64.msu
• Add-WindowsPackage -Online -PackagePath "C:\offline\Windows11.0-KB5065789-x64.msu" -PreventPending
• Reboot when prompted.
• Confirm build change with winver and Settings → System → About.
• Test repro scenarios:
• For playback: validate with each affected Blu‑ray/DVD/tuner app and confirm protected content playback (EVR/HDCP flows). Test audio DRM scenarios separately.
• For update reliability: re‑run the previously failing preview install or manifest processing steps and confirm no 0x80070002 errors occur.
• If something breaks:
• Review DISM and WindowsUpdate logs (C:\Windows\Logs\DISM, C:\Windows\WindowsUpdate.log) and Event Viewer for package names and error codes. Use DISM /online /get-packages to list installed packages.
• If a combined SSU + LCU caused an unacceptable regression, restore from the pre‑update image/snapshot—uninstalling the SSU is not supported.

---

Recommended Deployment Path for Administrators (Practical Steps)​

• Identify the risk population: collect inventory for HTPCs, tuner/capture servers, docking station fleets, and RDP multi‑monitor farms. These are the highest‑priority test cohorts.
• Create a dedicated pilot ring (5–10 devices) that mirrors production diversity: Copilot+ hardware, enterprise laptops, GPU vendors, docking solutions. Capture pre‑installation images.
• Apply KB5065789 to the pilot ring using DISM and the offline MSU packages (store all MSUs in a single folder to allow prerequisite discovery). Monitor installation and reboot behavior.
• Execute validation scenarios (playback, update success, RDP/docking, WWAN sign‑in, IME/locale testing, print queue UI). Document pass/fail and vendor driver versions.
• If the pilot passes for 48–72 hours, expand to a larger ring (10–25%) and continue monitoring. If issues appear, escalate to OEM/vendor support with collected logs and package names.
• For production fleets with strict compliance requirements, delay broad deployment until Microsoft promotes the fix out of Release Preview into the monthly cumulative channel, or until vendors confirm driver/firmware compatibility.

---

What to Watch Next​

• Microsoft’s Release Health and the monthly cumulative rollout schedule: KB5065789 may be promoted to the general monthly update channel after Release Preview validation. Track the Windows Update history for confirmation.
• Remaining DRM audio edge cases: Microsoft’s KB notes the EVR video handshake problem is partially resolved and that audio DRM scenarios may still need further fixes—test audio DRM playback specifically.
• Server‑side feature gating and license entitlements: features like File Explorer summarization require Microsoft 365 + Copilot licensing; verify entitlement before assuming functionality will appear.
• Secure Boot certificate expiration planning: Microsoft calls out an unrelated but time‑sensitive risk—Secure Boot certificates used by many Windows devices will begin expiring in June 2026. Organizations should inventory affected device firmware and plan CA/certificate updates now.

---

Final Analysis — Why KB5065789 Matters for Windows Administrators and Power Users​

KB5065789 is a textbook example of surgical remediation in a modern OS servicing model. It demonstrates a pragmatic Microsoft approach: preserve security and servicing hardening while issuing targeted fixes to restore critical workflows. For administrators, the package presents a clear operational trade‑off.

• Positive: the fix addresses real, high‑impact regressions (protected EVR playback and update failure blocking installs) that had operational consequences for media centers, broadcast capture workflows and Windows Insider validation rings. The update also brings long‑needed accessibility features and small usability improvements that matter to everyday users.
• Cautionary: the presence of combined SSU + LCU packaging and the complexity of driver/firmware interactions mean that any early adoption must be accompanied by robust backups, pilot testing and vendor coordination. The staged, license‑gated nature of several AI features also increases governance overhead and creates patchy user experiences across global organizations.

For most environments, a measured approach is best: pilot the update on representative non‑critical systems, validate the particular workflows you care about (especially EVR playback and vendor drivers), and only expand deployment once confidence is established or Microsoft promotes the fix into a general cumulative update. Administrators responsible for HTPCs, tuner servers, or imaging labs should prioritize testing now; general consumers and broad production fleets can safely wait for the update to reach the monthly cumulative channel.

---

KB5065789 is therefore a useful but carefully scoped corrective step: it repairs critical regressions while continuing Microsoft’s staged path for AI and accessibility feature rollouts. Treat the Release Preview package as an early validation tool—powerful when used correctly, risky if applied without backups and pilot discipline.
Conclusion: validate, snapshot, pilot, and coordinate—then deploy.

---

Source: Microsoft Support September 29, 2025—KB5065789 (OS Builds 26200.6725 and 26100.6725) Preview - Microsoft Support