
"Microsoft accidentally broke several things in the October 2025 Windows Update, but smart card authentication was not one of them. That was intentionally broken, and the temporary workaround requires a registry hack. Redmond noted the issue last week after smart card authentication and other certificate operations started failing following an "improvement" made to Windows in light of CVE-2024-30098. Part of the mitigation was to require RSA-based smart card certificates to use KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider)."
"The upshot of this change is that certificates that use CSP might have problems after the update. These problems could manifest as an inability to sign documents, smart cards not being recognized as CSP providers in 32-bit applications, and failures in applications that rely on certificate-based authentication. The good news is that until the authenticating app is updated to perform Key Storage Retrieval using the Key Storage API, there is a workaround."
"The bad news is that it requires a registry hack on every affected device. The bad news is that the hack will only work until the April 2026 Windows updates, when Microsoft plans to remove it. The workaround requires affected users to set the DisableCapiOverrideForRSA registry key value to 0 on every device. The issue affects almost every supported version of Windows and Windows Server, as well as some that are no longer supported, such as Windows 10 22H2."
An October 2025 Windows update intentionally changed RSA smart card certificate handling to require KSP (Key Storage Provider) instead of CSP (Cryptographic Service Provider) as part of the mitigation for CVE-2024-30098. Certificates that rely on CSP can fail to sign documents, smart cards may not be recognized as CSP providers in 32-bit applications, and applications that rely on certificate-based authentication can fail. A temporary workaround requires setting the DisableCapiOverrideForRSA registry key value to 0 on each affected device. That workaround will be removed in the April 2026 Windows updates. Microsoft plans no long-term fix; developers must update authenticating applications to perform Key Storage Retrieval using the Key Storage API.
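To find which certificates on a device still depend on a CSP before the workaround is removed, the provider of each certificate can be inventoried. The following is an added example, not code from the article or from Microsoft: it parses text in the layout printed by `certutil -user -store My` and flags CSP-backed certificates. It assumes English-language output and that KSPs can be recognised by provider name; the sample input is constructed.

```python
import re

# Constructed sample in the layout printed by `certutil -user -store My`
# (subjects, hashes and container names are made up).
SAMPLE = """\
================ Certificate 0 ================
Subject: CN=Alice Example
Cert Hash(sha1): 1111111111111111111111111111111111111111
  Key Container = te-SmartcardLogon-0001
  Provider = Microsoft Base Smart Card Crypto Provider
================ Certificate 1 ================
Subject: CN=Bob Example
Cert Hash(sha1): 2222222222222222222222222222222222222222
  Key Container = te-SmartcardLogon-0002
  Provider = Microsoft Smart Card Key Storage Provider
================ Certificate 2 ================
Subject: CN=Example Root CA
Cert Hash(sha1): 3333333333333333333333333333333333333333
"""

# Assumption: CNG key storage providers are identified by name. Vendor KSPs
# whose names do not follow this pattern must be added here.
KSP_NAMES = re.compile(r"Key Storage Provider$|^Microsoft Platform Crypto Provider$")

def classify(provider):
    """Map a provider name to 'KSP', 'CSP' or 'no-private-key'."""
    if provider is None:
        return "no-private-key"      # certificate without an associated key
    return "KSP" if KSP_NAMES.search(provider) else "CSP"

def _field(block, pattern):
    m = re.search(pattern, block, flags=re.M)
    return m.group(1).strip() if m else None

def inventory(certutil_text):
    """Return one record per certificate: subject, provider, class."""
    header = r"^=+ Certificate \d+ =+[ \t\r]*$"
    records = []
    for block in re.split(header, certutil_text, flags=re.M)[1:]:
        provider = _field(block, r"^\s*Provider = (.+)$")
        records.append({"subject": _field(block, r"^Subject: (.+)$"),
                        "provider": provider,
                        "class": classify(provider)})
    return records

def needs_attention(certutil_text):
    """Subjects of certificates whose keys are still served by a CSP."""
    return [r["subject"] for r in inventory(certutil_text) if r["class"] == "CSP"]
```

On a real device, pass the captured output of `certutil -user -store My` to `needs_attention` instead of `SAMPLE`.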
Read at Theregister