Windows 11 September 2025 Update Regressions: DRM EVR, SMBv1, PSDirect

Microsoft has confirmed that the Windows 11 September 2025 cumulative update (KB5065426) — and an August optional preview (KB5064081) that preceded it — introduced a cluster of regressions that can break DRM-protected playback on certain legacy players, interfere with file sharing over SMBv1, and produce edge-case failures in PowerShell Direct and game anti‑cheat modules. These problems are concentrated in older media and networking pipelines — Enhanced Video Renderer (EVR) + HDCP/DRM, NetBIOS/SMBv1 connections, and kernel-level plug-ins such as anti-cheat drivers — but they have real-world impact for users who rely on physical‑media playback, legacy NAS devices, or specific virtualization and gaming workflows. Microsoft has acknowledged the issues and says fixes are planned for upcoming updates.

Background​

Microsoft shipped an optional servicing update on August 29, 2025 (KB5064081) and rolled a combined servicing stack + cumulative update on September 9, 2025 (KB5065426, OS Build 26100.6584). The September release incorporates fixes and changes from the August preview, but it also consolidated regressions that customers began reporting through Feedback Hub, vendor forums, and Microsoft Q&A. Microsoft’s official KB page for KB5065426 documents several known issues and workarounds and has been updated as reports have accumulated.
These updates were part of the regular monthly servicing cadence and included security hardening and compatibility fixes. Unfortunately, a subset of those changes affected legacy media rendering pathways, the SMBv1 (NetBIOS) fallback path, and certain environment-specific handshake behaviors used by PowerShell Direct (PSDirect) in hotpatched virtual machine scenarios. The problems are concentrated, but they are not hypothetical — users have posted reproducible failures and Microsoft has publicly confirmed multiple distinct behaviors.

---

What broke: a technical inventory​

1) DRM / HDCP playback failures in EVR-based apps​

• Symptom: Digital TV tuners, Blu‑ray and DVD player applications, and some broadcast/DVB apps that use the Enhanced Video Renderer (EVR) with HDCP enforcement or platform DRM for audio can display copyright protection errors, freeze, produce black screens, or drop playback repeatedly.
• Scope: Affects apps that rely on EVR/DirectShow or certain Media Foundation integrations with platform DRM; mainstream streaming clients (Netflix, Disney+, etc.) that use modern app-managed DRM and different rendering paths were reported to be unaffected. Microsoft attributes the regression to a change introduced in the August optional update (KB5064081) and confirmed the behavior in community forums.

Why it matters: EVR remains in use by many physical-media and broadcast applications because those code paths were originally built on DirectShow/EVR. When Windows changes behavior in the protected-media chain — for example, how it enforces HDCP or hands audio/video through the platform DRM — older apps that expect the previous behavior may fail to initialize the protected pipeline and will abort playback.
Practical impact: Users with built-in TV tuners, external USB tuners, or legacy DVD/Blu‑ray software (including third‑party players that use EVR) may lose access to legitimately purchased or licensed content until a patch is issued or they switch to an alternate playback method.

2) SMBv1 connectivity and file/print sharing failures​

• Symptom: Devices using SMBv1 over NetBT (NetBIOS over TCP/IP) can fail to connect to shared files and folders after the September 9 update. In some home setups with cloned machines (same machine SID), file and printer sharing stopped working entirely. In other cases, mapped drives or credential prompts began failing with error codes related to authentication.
• Microsoft guidance: The KB notes that the SMBv1 protocol is deprecated and recommends switching to SMBv2/SMBv3 when possible. As a mitigation, allowing TCP port 445 traffic will force SMB to use TCP instead of NetBT and can restore connectivity for affected scenarios. Microsoft lists this as a known issue they are working to resolve in a future update.

Why it matters: Many small offices, homes, and legacy NAS devices or printers still rely on SMBv1 or NetBIOS-based discovery. Although SMBv1 has been deprecated for security reasons, real‑world environments contain legacy devices that are costly or impractical to replace immediately. The result: an otherwise routine security update can break core file‑sharing workflows.

3) PowerShell Direct (PSDirect) failures in hotpatch scenarios​

• Symptom: PSDirect connections can fail on hotpatched devices where host and guest VMs are not at a matching patch level. Specifically, if one side is updated and the other isn’t, the expected handshake fallback can fail intermittently, leaving sockets uncleared and causing connection failures.
• Microsoft response: The KB lists the behavior as an edge case and points to follow-up fixes (e.g., KB5066360) and guidance to update both host and guest to the same levels.

Why it matters: PSDirect is commonly used by administrators for management of Hyper‑V guests without network connectivity. Environments that rely on hotpatching strategies now face subtle connectivity failures that can block automation or emergency maintenance scripts.

4) Game launching / anti‑cheat interactions (Javelin) and other app regressions​

• Symptom: Reports surfaced that some EA titles — particularly those that rely on EA’s kernel‑level Javelin anti‑cheat — failed to launch or were blocked after earlier optional or preview updates (users traced some failures back to KB5064081). Community threads and vendor forums show users uninstalling updates to restore functionality.

Why it matters: Kernel-level anti-cheat systems are both highly privileged and sensitive to subtle changes in the kernel, driver stack, or system components. Even if the number of affected users is limited, a broken anti‑cheat can prevent legitimate players from launching games or cause unexpected errors during authentication or runtime.

5) DirectX 9 rendering distortions and color/texture corruption​

• Symptom: Multiple Feedback Hub and Microsoft Q&A posts describe DirectX 9 rendering corruption — notably color desaturation or severe texture distortion in game opening movies — after the August preview update. Some reports include side‑by‑side video captures demonstrating altered colors and artifacts. Microsoft community moderators acknowledge these reports and recommend rolling back the offending update while a root cause is investigated.

Why it matters: DirectX 9 is legacy but remains in active use for older titles and certain media engines. System-level changes that alter fallback renderers or color pipelines can degrade visual fidelity for those workloads.

---

Timeline and Microsoft’s public stance​

• August 29, 2025 — Microsoft released an optional preview/servicing update (KB5064081) that introduced changes later referenced by Microsoft as the origin of some regressions. Community reports linking playback and game launch failures began appearing soon afterward.
• September 9, 2025 — Microsoft rolled the combined servicing stack + cumulative update (KB5065426, OS Build 26100.6584) to general availability. The KB notes improvements and known issues, and Microsoft updated its documentation as reports surfaced.
• Mid‑September 2025 — Multiple vendor forums, Microsoft Q&A threads, and independent tech outlets consolidated reports of EVR/DRM playback failures, SMBv1 connectivity issues, PowerShell Direct edge cases, and game/anti‑cheat errors. Microsoft acknowledged DRM/HDCP playback problems in its Q&A and Release Health channels and confirmed SMBv1 and PSDirect behaviors in the KB article; fixes are scheduled for future releases.

Microsoft’s messaging emphasizes that streaming services and modern DRM flows are not affected, and that the regressions are linked to legacy pipelines (EVR, NetBT/SMBv1). That framing is accurate and important for deciding who should act immediately versus waiting for patches.

---

Who is affected (and who probably isn’t)​

• Likely affected:
• Users who watch Blu‑ray or DVD discs through Windows apps or third‑party players that still use EVR/DirectShow with HDCP enforcement.
• Owners of legacy NAS devices, printers, or appliances that depend on SMBv1 and NetBIOS (NetBT) discovery.
• Administrators using PowerShell Direct in environments that apply hotpatches unevenly across host and guest VMs.
• Players of some EA titles where the Javelin anti‑cheat driver interacts poorly with recent kernel or driver changes.
• Probably not affected:
• Users who consume content via modern streaming apps (Netflix, Disney+, Prime, etc.) because those clients use newer DRM and rendering pipelines.
• Environments using SMBv2 or SMBv3 exclusively.
• Most typical consumer setups that do not use legacy media players or specialized virtualization plumbing.

This risk profile is important: the regressions are not universal failures of Windows 11, but they are highly disruptive for the specific use cases listed above. Microsoft’s guidance reflects that targeted scope.

---

Workarounds and mitigations​

Before applying fixes from Microsoft, affected users and administrators should take measured actions rather than broad rollbacks that could reintroduce security risks.

• For DRM/EVR playback issues:
• Try an alternate player that uses newer rendering paths (if available).
• If the app offers a setting to select a renderer (EVR vs. SVR vs. system default), switch to the non‑EVR option.
• As a temporary measure, delay installing the cumulative update on systems where EVR-based playback is essential until Microsoft issues a patch. Microsoft publicly recommended postponing updates if impacted.
• For SMBv1 / file-sharing failures:
• Allow TCP port 445 traffic to force SMB to use TCP instead of NetBT (this can restore connectivity when both client and server have the September update installed).
• If possible, upgrade the device or appliance to support SMBv2 or SMBv3.
• As a last resort, uninstall the cumulative update on affected systems (note: uninstalling the LCU may be possible but SSUs are not always removable; follow Microsoft guidance and be aware of security trade‑offs).
• For PSDirect failures:
• Ensure both host and guest VMs are updated to the same patch level (Microsoft recommends aligning patch status) or apply the follow‑up fix when available (e.g., KB5066360 referenced in the KB).
• For anti‑cheat / game launch problems:
• Check vendor guidance (EA support and forums) for temporary workarounds such as reinstalling or repairing the anti‑cheat component and ensuring Secure Boot requirements are met.
• If a game fails to launch only after a specific Windows update, consider uninstalling the update on that machine while awaiting a vendor or Microsoft patch — but test carefully and weigh security implications.
• General: Report detailed repro steps to Microsoft via Feedback Hub and to the app vendor. Community reports with logs, dxdiag captures, and short screen recordings accelerate triage.

---

Critical analysis: how did we get here?​

• Legacy-compatible changes are high-risk. Many modern Windows users never interact with EVR or SMBv1, but these legacy subsystems remain in use in niche, enterprise, and enthusiast scenarios. Security hardening and platform changes are necessary, yet the update process must carefully balance regression risk for legacy pipelines. The KB language and Microsoft’s later confirmations show that this balance was imperfect in this release.
• The release model (optional preview → cumulative LCU) can accelerate regressions into widespread impact. Optional monthly previews exist precisely so that administrators and power users can validate patches before they move to general availability. Nonetheless, when an optional change is folded into a subsequent LCU, the regression gains broader exposure. That appears to have happened here: an August preview introduced a change that later surfaced again after the September cumulative.
• Interoperability blind spots between OS updates and third‑party kernel drivers (anti‑cheat) continue to cause headaches. Kernel‑level anti‑cheat systems are tightly coupled to OS internals. When Microsoft makes changes for security, performance, or compatibility, vendors must update anti‑cheat drivers in lockstep; otherwise players can be locked out. The evidence in forums shows that these interactions remain fragile.
• Communication and triage: Microsoft responded via KB updates and Q&A posts, but community feedback indicates that many affected users were left troubleshooting without an immediate fix for days. For enterprise admins and home users relying on legacy devices, that gap is costly.

---

Risk assessment and recommendations​

• For home users:
• If you rely on Blu‑ray/DVD playback via older apps, a TV‑tuner or an older NAS/printer, pause automatic updates until Microsoft publishes a known fix or a clear workaround is validated for your scenario. Back up important data before attempting rollbacks.
• If you don’t use any legacy devices, applying the September update is still recommended for security. The primary regressions are targeted, not universal.
• For businesses and IT administrators:
• Validate the cumulative update in a controlled test ring before broad deployment. Focus test cases on legacy workloads: DirectShow/EVR media players, SMBv1 networked appliances, virtualization tooling that uses PSDirect, and any in‑use third‑party kernel drivers (anti‑cheat, virtualization filters, etc.).
• If you use hotpatching, ensure hosts and guests are updated together to avoid the PSDirect edge case. Apply Microsoft's follow-up fixes when available.
• Prioritize replacing end-of-life devices that require SMBv1; the update is a strong signal that SMBv1 remains insecure and unsupported.
• For developers and vendors:
• Review code paths that depend on EVR and DirectShow for protected content and consider migrating to newer Media Foundation or SVR-based pipelines where feasible.
• Anti‑cheat and other privileged drivers should be tested against preview updates and monthly LCUs to detect regressions early.

---

What to expect next​

Microsoft has said it is working on resolutions and will deliver fixes in future updates. Historically, the cadence for correcting such regressions can be rapid when the issue affects broad or critical workflows, but legacy-specific regressions sometimes require deeper investigation and coordination with hardware or app vendors. Watch the Windows Release Health dashboard and the KB article for changelog entries that reference DRM/EVR, SMBv1 connectivity, or PSDirect fixes. In parallel, vendors such as EA may release patches or guidance for anti‑cheat compatibility.

---

Final verdict​

The September 2025 update cycle for Windows 11 brought important security and servicing improvements, but it also exposed how fragile the interplay between legacy media pipelines, deprecated network protocols, and privileged third‑party drivers can be. The confirmed DRM/HDCP playback regressions, SMBv1 connectivity breakages, PSDirect edge cases, and game/anti‑cheat startup failures are targeted yet meaningful: they interrupt everyday activities for users who rely on legacy hardware and software.
Mitigation requires a pragmatic mix of cautious update deployment, vendor coordination, and, where safe and possible, migration away from deprecated technologies (SMBv1, EVR). Microsoft’s public acknowledgement and the presence of KB entries and Q&A confirmations are encouraging; the critical step now is timely patches and clearer guidance to minimize disruption for affected users.

---

Important note: some community claims (for example, precise counts of affected systems or claims that every installation will break specific games) cannot be independently verified at this time and should be treated as anecdotal until Microsoft or the affected vendors publish telemetry or formal incident reports. Users should prioritize validated repro steps and vendor guidance when deciding to delay or uninstall updates.

---

Source: Windows Latest Microsoft confirms DRM issues in Windows 11 September 2025 Update