DisableCapiOverrideForRSA registry removal impact on Windows 2022

Mayuri Harkulkar Intertek 0 Reputation points
2026-03-26T12:16:16.41+00:00

The patch sent in Oct 2025 (KB5066835): did it get executed on Windows 2022?

Also, will the new patch for removing the registry value DisableCapiOverrideForRSA, which is due in April 2026, be applied to Windows 2022?

2 answers

  1. Tan Vu 2,655 Reputation points Independent Advisor
    2026-03-26T13:14:48.1233333+00:00

    Hi Mayuri Harkulkar,

    The October 2025 update (KB5066835) is applicable to Windows Server 2022. It is part of Microsoft’s broader security updates related to cryptographic changes, so it does get installed on supported Server versions, including 2022.

    About the DisableCapiOverrideForRSA registry key, this is not something created by default. It is only used as a temporary workaround to allow legacy CSP-based RSA operations to continue working after the security changes. If you have not explicitly set it, it will not exist in your system.

    For the planned change in April 2026, Microsoft has indicated that this override will be removed across supported platforms. This means Windows Server 2022 will also be affected. Once removed, any dependency on legacy CAPI/CSP for RSA will no longer work, and there will be no fallback option.

    In short:

    • KB5066835 does apply to Windows Server 2022
    • The registry key is only a temporary compatibility workaround
    • Its removal in April 2026 will also impact Windows Server 2022

    If this was helpful, please click "Accept Answer". If you have any further questions, you can leave a comment. I hope this helps and wish you success in resolving your issue.

    Have a great day!

    TV


  2. Q&A Assist
    2026-03-26T12:16:37.37+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    KB5066835 is not the October 2025 security update for Windows Server 2022. For Windows Server 2022, the October 14, 2025 update that introduces the CVE-2024-30098 protections and the related smart card/KSP enforcement is KB5066782.

    On Windows Server 2022:

    • The October 2025 enforcement of KSP (instead of CSP) for RSA-based smart card certificates comes from KB5066782, not KB5066835.
    • The behavior and workaround are the same as on other affected platforms: if CSP-based smart card certificates are in use, smart card authentication and certificate operations might fail after installing the October 2025 update.

    Regarding the DisableCapiOverrideForRSA registry value:

    • The same DisableCapiOverrideForRSA workaround applies to Windows Server 2022 as to the other listed platforms. Setting HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\DisableCapiOverrideForRSA to 0 temporarily re-enables the legacy CAPI behavior for RSA.
    • This workaround is planned to be removed in Windows updates released in April 2026 across the affected platforms, which explicitly include Windows Server 2022. After those April 2026 updates, relying on DisableCapiOverrideForRSA will no longer be possible.
    • For a permanent fix, authenticating applications must be updated to use the Key Storage API for key retrieval as documented in Key Storage and Retrieval.

    In summary: Windows Server 2022 receives the October 2025 enforcement via KB5066782, and the April 2026 removal of the DisableCapiOverrideForRSA workaround is planned to apply to Windows Server 2022 as well.


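To see where a given server stands on the points raised in the answers above, the following added example (not part of the thread and not Microsoft's code) reports whether the DisableCapiOverrideForRSA value is present and which of the two KB numbers mentioned in the thread are recorded on the host. The function name `Get-CapiOverrideStatus` is hypothetical, the registry path and KB numbers are the ones quoted in the thread, and querying remote hosts assumes PowerShell remoting is enabled.

```powershell
# Added example: inventory the DisableCapiOverrideForRSA workaround on one or more hosts.
# Registry path, value name and KB numbers are taken from the thread; the function name is hypothetical.
function Get-CapiOverrideStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string[]]$KbId = @('KB5066782', 'KB5066835')
    )

    $probe = {
        param($KbId)
        $path = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais'
        $name = 'DisableCapiOverrideForRSA'

        # Returns $null when the key or the value does not exist (the value is not created by default).
        $item  = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        $value = if ($null -ne $item) { $item.$name } else { $null }

        # Get-HotFix only lists updates still recorded on the host. A later cumulative
        # update carries the same change, so an empty result is not proof of absence.
        $found = @(Get-HotFix -ErrorAction SilentlyContinue |
            Where-Object { $KbId -contains $_.HotFixID } |
            Select-Object -ExpandProperty HotFixID)

        [pscustomobject]@{
            Computer         = $env:COMPUTERNAME
            OS               = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
            ValuePresent     = ($null -ne $item)
            Value            = $value
            # Per the thread, a value of 0 temporarily re-enables the legacy CAPI behavior for RSA.
            WorkaroundActive = ($null -ne $item -and $value -eq 0)
            KbsFound         = ($found -join ',')
        }
    }

    foreach ($computer in $ComputerName) {
        if ($computer -eq $env:COMPUTERNAME) {
            & $probe $KbId                      # local host: run the probe directly
        } else {
            Invoke-Command -ComputerName $computer -ScriptBlock $probe -ArgumentList (,$KbId)
        }
    }
}

Get-CapiOverrideStatus | Format-List
```

Hosts that report `WorkaroundActive : True` are the ones relying on the override that both answers say is planned for removal in April 2026, so they are the ones to test with the value removed before that date.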
