Full Report
Microsoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and subsequent Windows 11 24H2 updates. [...]
Analysis Summary
# Vulnerability: False Certificate Enrollment Errors After Windows Updates
## CVE Details
- CVE ID: N/A (Described as a known issue/bug, not assigned a public CVE)
- CVSS Score: N/A (This is a false positive error reporting issue, not a traditional security vulnerability)
- CWE: N/A
## Affected Systems
- Products: Windows 11 24H2
- Versions: After installation of the July 2025 preview update (KB5062660) and subsequent updates, including the August 2025 security update.
- Configurations: Devices restarting after applying affected updates.
## Vulnerability Description
A bug introduced by recent Windows updates (starting with the July 2025 preview update KB5062660 and ongoing) causes the system to log false positive error messages in Event Viewer related to `CertificateServicesClient (CertEnroll)`. Specifically, these errors warn that the 'Microsoft Pluton Cryptographic Provider' failed to load. Microsoft clarified that this event is logged upon every restart, but there is **no actual impact** on active Windows processes or security, as it stems from a feature still under development that has not yet been fully integrated.
## Exploitation
- Status: Not applicable (This is a false notification bug, not an exploitable vulnerability)
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: None
- Integrity: None
- Availability: None (Though the presence of false errors could cause administrative confusion)
## Remediation
### Patches
The resolution is gradually rolling out:
- The fix is automatically enabled on devices that receive **KB5064081**, released on August 29, 2025.
- The rollout is expected to complete within approximately 4 weeks from the fix announcement.
- All subsequent security and non-security updates will include this resolution by default after rollout completion.
### Workarounds
- Initially, users were instructed to **ignore** the error events, as no action was required to prevent or resolve the error.
## Detection
- Indicators of compromise: Event Viewer logs showing errors related to `CertificateServicesClient (CertEnroll)` mentioning the 'Microsoft Pluton Cryptographic Provider' not loading after installing July/August 2025 updates.
- Detection methods and tools: Manual checking of the Windows Event Viewer logs.
## References
- Vendor advisories: Microsoft Windows release health dashboard (status-windows-11-24h2)
- Relevant links - defanged:
- hxxps://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#error-events-are-logged-for-certificateservicesclient