What happened?
Starting at 21:00 UTC on 14 Oct 2025, customers running server-side applications that rely on HTTP.sys may experience issues with incoming connections. This specifically affects environments using Windows Server 2025 or Windows 11. We attributed this to an installation of recent Windows updates (KB5066835, KB5066131, KB5065789). If you were not impacted, then you do not need to take any action.
Impacted customers do not need to change their KB but will need to take the following actions,
From the affected machine, click on "check for updates"
After checking for updates, customers will need to restart the machine (Note: Proceed with reboot irrespective of new updates being found.)
This should mitigate the issue.
For customers who have machines that are in an air gapped environment and cannot access the internet, they can copy and paste this address into a browser "
https://download.microsoft.com/download/16d61dc0-7e94-4cd2-ba3c-4f59dece8488/Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5066835 251015_22001 Known Issue Rollback.msi" with internet connectivity to download and apply manually.
If you have an enterprise-managed device and have installed the updates KB5066835, KB5066131, KB5065789, or later, you do not need to use a Known Issue Rollback (KIR) or a special Group Policy to resolve this issue. If you are using an update released before 14 Oct 2025, and have this issue, your IT administrator can resolve it by installing and configuring the special Group Policy listed below.
Group Policy downloads with Group Policy name:
https://download.microsoft.com/download/16d61dc0-7e94-4cd2-ba3c-4f59dece8488/Windows 11 24H2, Windows 11 25H2 and Windows Server 2025 KB5066835 251015_22001 Known Issue Rollback.msi (also applicable to Windows 11, version 23H2)
The special Group Policy can be found in Computer Configuration > Administrative Templates >
If your issue persists due to this issue, please contact support using the support option in Azure Service Health, from the Azure Management Portal. We are monitoring failures to assess the success of this mitigation strategy.
What went wrong and why?
The issue stems from a feature dependency introduced in a previous update. When this feature is disabled, security updates may cause machines to reboot into a problematic state, resulting in widespread HTTP server failures.
How did we respond?
Oct 14, 21:00 UTC – Some websites could have started failing to load after installing Windows updates.
Oct 15, 13:57 UTC – Engineering and support teams acknowledged the issue and began investigation.
Oct 15, 20:44 UTC – Scope of impact expanded to include additional operating systems and environments.
Oct 15, 22:59 UTC – Impact further extended to include Windows Server 2012, which was then ruled out.
Oct 15, 20:19 UTC – Investigation began, focusing on HTTP.sys behavior.
Oct 15, 21:59 UTC – The cause was confirmed, and we deployed mitigation which was disabling the problematic feature via a cloud-based configuration change
Oct 15, 23:05 UTC – Mitigation effectiveness confirmed through successful VM testing.
:strip_exif()/i/1253019414.gif?f=fpa)
:strip_exif()/i/2004648160.jpeg?f=fpa)
/i/2007700920.png?f=fpa)
:strip_exif()/i/2004648158.jpeg?f=fpa)
:strip_exif()/i/2001972283.jpeg?f=fpa)
/i/2001753841.png?f=fpa)
/i/2007013324.webp?f=fpa)
:strip_icc():strip_exif()/u/78725/train-icon3.jpg?f=community){kind=small}
:strip_icc():strip_exif()/u/71967/Grimlock.jpg?f=community){kind=small}
:strip_icc():strip_exif()/u/155703/crop5fc8280603c09_cropped.jpeg?f=community){kind=small}
/u/818861/crop67e51182dfc04_cropped.png?f=community){kind=small}
/u/62384/crop61891f444d6e9.png?f=community){kind=small}
:strip_icc():strip_exif()/u/140070/kalief.jpg?f=community){kind=small}