Windows 11 September C Release KB5065790 fixes sign-in freeze and RDP docking

Microsoft released the September non‑security optional preview (the “C” release) update for Windows 11 under KB5065790 — a targeted cumulative quality rollup that addresses a handful of reliability problems ranging from a sign‑in freeze when entering a SIM PIN to display and printing glitches, plus operator profile updates and input fixes.

Background / Overview​

This is a non‑security, optional preview update — commonly called a C release — intended for validation in pre‑release rings (Release Preview, Beta and Insider channels) before fixes are folded into the regular monthly cumulative update. The package identified by KB5065790 ships as servicing builds on the Windows 11 baselines and is published to Release Preview/Insider rings; depending on SKU and servicing branch the update can appear with different build suffixes (for example, build numbers such as 22631.5982 and 22621.5984 are associated with this KB across the 23H2 and 22H2 baselines). The update is explicitly non‑security in scope and focuses on reliability and compatibility corrections rather than new features.
At a glance, the headline fixes in KB5065790 include:

• Authentication: resolves a Windows sign‑in freeze that could occur after entering a SIM PIN on WWAN/eSIM‑enabled devices.
• Display/RDP: fixes an issue where Remote Desktop Protocol (RDP) sessions using multiple monitors could trigger an unexpected shutdown during dock/undock or streaming scenarios.
• Networking: covers a known‑issue scenario in the September servicing window where SMB v1 connections over NetBIOS over TCP/IP (NetBT) could fail; KB5065790 participates in the post‑September patch cycle that mitigates those scenarios.
• Input and language: fixes rendering problems in the Chinese Input Method Editor (IME) where characters either didn’t display correctly or appeared as empty boxes in some text fields.
• Browser/IE mode: addresses a Microsoft Edge behavior when running in Internet Explorer (IE) compatibility/IE mode that could stop responding on certain same‑domain redirects.
• Printer UI: corrects a crash when viewing a shared printer queue from Settings.
• COSA (Country and Operator Settings Asset): updates mobile operator profiles.
• System service housekeeping: fixes metadata for the McpManagement service so it shows an expected description.

The scope and nature of the fixes make KB5065790 particularly relevant to mobile‑first and hybrid workers, IT administrators managing docked laptops and RDP farms, and environments that still rely on legacy network protocols or specialized input/IME requirements.

---

What Microsoft changed (technical summary)​

Authentication and SIM PIN sign‑in freeze​

Microsoft identified and corrected a race / UI handling path that caused the Windows sign‑in screen to stop responding after a user entered the SIM PIN on WWAN or eSIM devices. Affected devices could be left at an unresponsive sign‑in prompt until a reboot or alternate sign‑in method was used.
Why this matters:

• Devices that require SIM PIN entry during sign‑on (field devices, first‑responder hardware, or corporate laptops using WWAN) could be effectively locked out, disrupting productivity or field operations.
• The fix restores expected sign‑in flow and reduces helpdesk escalations tied to cellular‑authenticated devices.

Display, Remote Desktop Protocol (RDP) and docking stability​

A display kernel component interacting with RDP multi‑monitor configurations could cause the system to shut down unexpectedly when a dock was disconnected during an active streaming session. The update modifies the handling of display configuration changes during RDP sessions to avoid the shutdown scenario.
Practical effects:

• Users who frequently dock/undock while remoting into multi‑monitor sessions (for example, knowledge workers, testers, or hoteling staff) will see fewer session failures and less risk of abrupt shutdowns.
• This fix primarily targets the interaction between RDP display reconfiguration and docking hardware — display drivers and third‑party docking firmware remain important variables for end‑to‑end behavior.

SMB v1 over NetBT connectivity (context and ongoing risk)​

September servicing introduced a known issue affecting SMB v1 connections made over NetBIOS over TCP/IP (NetBT): after installing certain September updates, systems could fail to connect to SMB v1 shares when NetBT was in use. The general guidance from Microsoft in the September patches recognized this as a known‑issue and suggested a workaround (forcing SMB to use TCP by allowing port 445 traffic). KB5065790 is part of the same servicing period and reflects Microsoft’s effort to address reliability regressions introduced or surfaced in the September patch cycle.
Important context:

• SMB v1 is deprecated and generally insecure; modern environments should be migrating to SMB v2/v3 and direct TCP (port 445) wherever possible.
• The connection failures only affect SMBv1 over NetBT; SMBv2/3 over TCP is not impacted in the same way.
• The prescribed mitigation is to allow TCP/445 traffic so clients will prefer direct TCP SMB and bypass NetBT; a permanent fix is expected in a future cumulative update.

Input / Chinese IME fixes​

Two related issues were corrected:

• Some characters did not render correctly when using the Chinese IME.
• Certain Chinese characters appeared as empty boxes in fields where a character limit was enforced (for example, in some administrative tools that impose a length restriction).

Impact:

• Multilingual and international deployments that rely on CJK input will benefit. Forms, internal tools, and AV‑clients using these input stacks should be retested after installation.

Browser: Edge in Internet Explorer compatibility mode​

This update includes a fix addressing Microsoft Edge when the browser runs in IE compatibility (IE mode) and encounters certain same‑domain redirects that could cause the tab or the IE‑mode frame to stop responding. IE mode remains a critical compatibility path for legacy intranet applications and custom enterprise web apps.
Caveats:

• IE mode behavior is shaped by both Edge policy configuration and the enterprise site list. Administrators relying on IE mode should validate redirect behaviors (in‑page, server redirects and form POST flows) after updating.
• Historically, IE mode regressions have been resolved partially with Known Issue Rollbacks (KIR) or targeted edge updates; this update is the latest corrective step in that ongoing landscape.

Printer queue crash and system metadata​

Viewing a shared printer queue from Settings could cause the Print Queue user interface to stop working. The update corrects the UI path and addresses a cosmetic but important admin pain‑point. Separately, the McpManagement service was updated so it no longer appears with a missing description, improving clarity for service audits and automation.

COSA operator profile updates​

The Country and Operator Settings Asset (COSA) was updated to refresh operator profiles for certain mobile carriers. These manifest changes help maintain correct APN and provisioning behavior for WWAN/eSIM configurations.

---

Who should care and why​

• Mobile and WWAN/eSIM device fleets: The SIM PIN sign‑in hang and COSA updates make KB5065790 especially relevant for vehicles, field tablets, and corporate laptops that rely on cellular connectivity.
• Hybrid workers using docking and RDP: Teams using docking stations, multi‑monitor RDP sessions, and hot‑docking workflows should test the update for display stability improvements, but also validate display driver behavior.
• Enterprises still using SMB v1: Organizations that have not migrated away from SMB v1 and that rely on NetBIOS/NetBT for name resolution or legacy topologies are at the highest risk from the September SMBv1 connectivity regressions. The recommended long‑term remedy is migration to SMBv2/3 and direct TCP (port 445).
• Multilingual environments: Companies that rely on Chinese IME input or have internal software where character limits matter should test IME rendering post‑install.
• IT administrators and helpdesks: Fixes to printer queue crashes and service metadata reduce low‑level support tickets and make system inventory cleaner.

---

Deployment guidance — recommended rollout plan​

This update is optional (preview), so it is not forced via automatic production channels. Follow a staged deployment:

• Lab validation (2–10 devices)
• Include representative hardware: at least one WWAN/eSIM device, one docked laptop, one device with the Chinese IME and enterprise browser configuration.
• Validate: SIM PIN sign‑in flow, COSA/eSIM provisioning, RDP multi‑monitor sessions with dock/undock, printing via shared queues from Settings, and IME character rendering.
• Small pilot (10–50 users)
• Choose pilot users from the groups most likely to be affected (field staff, hybrid workers).
• Collect logs and telemetry for 48–72 hours: sign‑in errors, Event Viewer entries, and RDP/disconnect traces.
• Extended pilot (100–500 users)
• Expand across carrier providers if your fleet uses multiple WWAN providers.
• Verify printer and IME behavior across a broader set of apps.
• Broad rollout
• If the pilot is clean, schedule a wider deployment during maintenance windows, monitor for regressions and maintain rollback steps.

Testing checklist (minimum):

• SIM PIN entry on physical SIM and eSIM devices across carriers.
• RDP sessions with multiple monitors, including undock/disconnect and streaming (video).
• SMB share access between patched and unpatched endpoints for both NetBT and TCP/445 paths.
• Chinese IME rendering in rich‑text apps, admin tools, and web forms with character limits.
• Opening shared printer queues from Settings and basic print jobs.
• IE mode pages and same‑domain redirects in Microsoft Edge under enterprise policies.

Rollback and remediation:

• Because this is a preview update, standard rollback via Settings > Windows Update > Update history > Uninstall updates remains the most straightforward option for pilot machines.
• For SMBv1 NetBT failures, use the workaround of allowing TCP/445 traffic to force SMB over TCP while you coordinate patching of both endpoints.

---

Risk analysis and caveats​

• Preview status means possible regressions: By definition the C release is optional and primarily intended for validation. While fixes are narrow and targeted, new regressions remain possible, particularly on outlier hardware or driver stacks (display drivers, docking firmware, and WWAN modem drivers).
• SMBv1 is risky and deprecated: The SMBv1/NetBT connectivity problem is a reminder that legacy protocols remain a security and reliability liability. Migration to SMBv2/v3 and disabling SMBv1 where possible should be a priority; the temporary workaround (allow TCP/445) can be operationally useful but must be balanced against network filtering and security requirements.
• Edge/IE mode behavior can be complex: IE mode depends on a combination of Edge updates, enterprise site lists, and browser policies. Changes to any of those components can alter redirect and navigation behavior; test legacy web applications comprehensively.
• Carrier profile updates (COSA) can have side‑effects: Updating operator profiles can alter APN, roaming, or provisioning behavior. Managed fleets should validate eSIM and provisioning workflows post‑update to avoid surprises that affect billing or connection quality.
• Lack of low‑level technical detail: Microsoft’s public notes for this KB are high level; they describe symptoms and outcomes but do not publish low‑level root cause details. Administrators who need code‑level changes or exact stack traces must rely on internal telemetry and logs or engage Microsoft support for deeper diagnostics.

Flagging unverifiable or incomplete claims:

• Microsoft’s public KB and Release Preview announcements list the symptoms and fixes, but they do not provide full root‑cause engineering details, so any assertion about the exact code path (driver, middleware, or the precise interaction between Win32, kernel, or WWAN stacks) remains unverified from the public documentation. Treat the high‑level descriptions as accurate symptom‑fix mappings rather than precise bug‑for‑bug technical explanations.

---

Practical recommendations for IT teams​

• Prioritize testing KB5065790 on WWAN/eSIM devices and docked form factors before broad rollout.
• If your environment still depends on SMB v1:
• Assess and prioritize migration to SMBv2/3.
• In the short term, permit TCP/445 between clients and servers to force direct TCP SMB and avoid NetBT fallback.
• Patch both client and server endpoints in a coordinated fashion so that fixes and rollouts don’t leave mixed patched/unpatched states that can trigger fallback failures.
• For organizations with legacy web apps reliant on IE mode:
• Validate in‑page navigation and redirect behavior under the enterprise IE mode site list.
• Use Managed Edge policies to control IE mode behavior during the rollout and consider testing with Known Issue Rollback behavior in mind.
• Maintain clear pilot and rollback plans. Because this is an optional update, run small pilots first and keep devices ready to uninstall the preview if unexpected regressions appear.
• Monitor telemetry for these specific items post‑install:
• Sign‑in errors and interactive UI hangs.
• RDP disconnects, display driver crashes, or unexpected shutdowns.
• SMB connection failures, NetBT logs, and fallback behavior.
• Printing errors and UI crashes in Settings.

---

Administration: how to obtain and install KB5065790​

• KB5065790 is distributed through the Windows Update channels for Release Preview/Insider rings and can be applied via:
• Windows Update (for machines enrolled in Release Preview/Beta/Insider channels)
• Microsoft Update Catalog (standalone packages for manual deployment)
• WSUS or Windows Update for Business for managed ring targeting (ensure your ring policy allows optional preview updates if you intend to pilot)
• Because KB5065790 is an optional preview update, it will not automatically flow to production devices that are not configured to accept Release Preview/optional updates. Use controlled rings to stage deployment.

---

The larger servicing picture: why these targeted updates matter​

Microsoft packages targeted reliability fixes into optional (C) releases for two reasons: first, to validate fixes with a broader set of telemetry and real‑world usage before including them in the next Patch Tuesday; second, to give administrators and power users a means to proactively resolve high‑impact reliability issues without waiting for the monthly security rollup.
KB5065790 is an example of that approach: a small set of high‑impact but narrow fixes (sign‑in freeze, RDP docking crashes, IME rendering) that address pain points for particular user cohorts. The simultaneous presence of a known SMBv1 connectivity problem across the September servicing cycle underscores a recurring tradeoff in modern OS servicing — aggressive hardening and broad patching can surface regressions in legacy scenarios. That dynamic reinforces the need for staged, tested rollouts in managed environments.

---

Final assessment — strengths and risks​

Strengths

• The update fixes direct user‑impact issues: sign‑in freezes and abrupt shutdowns are high severity for affected users; resolving them reduces field and helpdesk incidents.
• The package addresses both user‑visible functionality (printer UI, IME rendering) and administrative clarity (McpManagement service description), improving day‑to‑day operations.
• COSA updates keep WWAN/eSIM provisioning current, an underappreciated but important aspect of mobile device management.

Risks and residual concerns

• As an optional preview, the update carries a small but real chance of regression on some hardware stacks — notably display drivers, docking firmware, and WWAN vendor software.
• SMBv1 over NetBT remains fragile in the September servicing window; environments dependent on legacy SMBv1 must take mitigation and migration seriously.
• Public documentation remains high level; for complex or persistent failures, administrators will need to gather logs and engage support because the update notes do not reveal low‑level root‑cause details.

---

Conclusion​

KB5065790 is a compact, targeted quality rollup that corrects a set of meaningful, real‑world reliability issues for Windows 11 devices — most notably the SIM PIN sign‑in freeze, multi‑monitor RDP/docking crashes, and Chinese IME rendering problems. It also sits within a September servicing window that exposed a separate SMBv1/NetBT connectivity regression; that issue increases the urgency of migrating away from SMBv1 and confirms the need for careful, staged testing before broad rollouts.
For IT teams, the immediate priorities are clear: pilot KB5065790 on WWAN/eSIM and docked hardware, validate RDP and IME scenarios, and confirm printing and IE‑mode compatibility. For organizations still using SMBv1, plan for migration and use the TCP/445 workaround as a stopgap while coordinating patching across endpoints. Because this update is optional, controlled pilots and conservative rollout practices remain the best path to capture the reliability benefits while minimizing the risk of new regressions.

---

Source: Neowin KB5065790: Microsoft fixes Windows 11 bug that freezed PC when signing in, and more