Microsoft released its September 2025 Patch Tuesday update for Windows 11 version 24H2 on September 9, packing a mix of user interface refinements, on-device AI groundwork, and a deep bench of reliability fixes. Tagged KB5065426 and advancing systems to OS Build 26100.6584, the cumulative update lands via Windows Update, WSUS, and the Microsoft Update Catalog, but its hefty multi-gigabyte footprint and phased feature rollout demand careful planning.

Headline Features and UI Tweaks

The update introduces several visible changes that everyday users will notice immediately. The larger clock that shows seconds is back in the notification center—you can enable it in Settings > Time & language > Date & time after installing. Taskbar preview thumbnails should no longer break if you accidentally drag across them, and search on the taskbar now shows image results in a grid view with clearer status indicators for cloud versus local files.

File Explorer receives welcome polish: dividers now separate top-level icons in context menus, and when signed in with an Entra ID, persona icons appear in the Activity column and Recommended section, linking to Microsoft 365 Live Persona Cards. A bug that caused the unblock checkbox in file properties to remain stuck is also fixed.

Windows Hello and passkey flows get a modernized visual overhaul, with a cleaner interface that makes switching between authentication methods easier. Fingerprint login after standby is more robust, and a facial recognition quirk where Windows would detect your face but still prompt for a PIN should be resolved.

Task Manager now uses standard CPU workload metrics across all pages, aligning with industry norms and third-party tools. If you prefer the old metric, you can re-enable it via a new optional "CPU Utility" column in the Details tab. On the lock screen, widget personalization expands beyond the EEA to all regions, letting you add, remove, and rearrange small widgets like Weather, Watchlist, and Sports.

AI Scaffolding: Recall, Click to Do, and Copilot+ Gating

KB5065426 ships the binaries and UI scaffolding for Microsoft’s next wave of on-device AI features, but actual enablement is gated by hardware and licensing. The most prominent additions revolve around Recall and Click to Do.

Recall now opens to a personalized homepage that surfaces Recent Snapshots, Top Apps and Websites (the three most-used in the past 24 hours), and a new left navigation bar for Home, Timeline, Feedback, and Settings. Snapshot collection remains strictly opt-in and can be filtered by app and website. This redesign is targeted at Copilot+ PCs, meaning devices without the required NPU or other certified hardware won’t see it even after installing the update.

Click to Do gains an interactive first-run tutorial demonstrating contextual AI actions on text and images—like summarization and background removal. You can re-launch it from the app’s More options menu. Again, full Click to Do functionality lights up on Copilot+ hardware.

This two-step delivery—code in the build, feature turned on later via server-side gating—explains why two identical PCs on the same build can have different experiences. Microsoft 365 or Copilot licensing further restricts productivity actions like Summarize in File Explorer, even on capable hardware.

A new Settings page under Privacy & security > Text and Image Generation lets you see which third-party apps recently used Windows-provided generative AI models and block them individually. The Settings agent, part of the Copilot+ PC experience, now supports AMD- and Intel-powered Copilot+ PCs (previously Snapdragon-only), though it works only with English as the primary display language.

Enterprise Fixes and Security Hardening

Beyond the consumer shine, KB5065426 patches several enterprise-critical bugs. A Kerberos crash that could block access to cloud file shares is resolved—important for hybrid environments relying on Entra ID authentication. The Resilient File System (ReFS) no longer exhausts system memory when backup applications handle very large files, a lifesaver for SAN/NAS and backup-heavy operations.

Multiple input fixes address Chinese (Simplified) IMEs displaying extended characters as empty boxes, touch keyboard failures after switching IME versions, and a textinputframework.dll issue that could crash Sticky Notes and Notepad. A dbgcore.dll bug that contributed to explorer.exe crashes is patched, and ARM64 application install slowdowns are mitigated.

From a security posture perspective, SMB auditing features continue Microsoft’s hardening push, helping admins detect compatibility gaps with SMB signing and Extended Protection for Authentication before enforcement. The update also fixes a device management glitch where temporary file-sharing conflicts disrupted system recovery features.

Windows Backup for Organizations reaches general availability, offering enterprise-grade backup and restore for Entra-joined devices. It integrates with Intune to simplify refresh and migration workflows, but IT teams should validate full restore scenarios—including complex images and BitLocker states—before relying on it for fleet transitions.

PowerShell 2.0 is officially removed from Windows 11 24H2 starting with this update, as previously announced for August 2025. Deprecated since 2017, this legacy component can break older management scripts and vendor tools. Administrators must inventory and migrate any remaining PS 2.0 dependencies to PowerShell 5.1 or 7.x.

Deployment Challenges: Large Payloads and Phased Rollout

One of the most immediate impacts of KB5065426 is its size. Offline .msu packages have ballooned to approximately 3.6–3.8 GB per client architecture because Microsoft is bundling on-device AI model binaries alongside OS fixes. This strains bandwidth, disk space (even the installation process needs breathing room), and update scheduling—especially in change windows with limited time or metered connections.

The rollout itself is staggered in two tiers: a "gradual rollout" for new user-facing AI features, widgets, and Copilot+ experiences (enabled in waves based on hardware, region, and licensing), and a "normal rollout" for core quality and reliability fixes. Even after a machine installs the update, it may take days or weeks for features to appear.

Feature disparity is a real operational concern. In a single organization, some Copilot+ devices with appropriate licenses may gain Recall and Click to Do, while others on the exact same build do not. This can spike helpdesk calls if users aren’t prepped with clear communication about phased availability and hardware prerequisites.

Privacy Considerations

The arrival of Recall and on-device generative models raises legitimate privacy questions. Recall’s snapshot collection stores local activity thumbnails and metadata. While Microsoft enforces opt-in, local encryption, and Windows Hello gating, those snapshots become a high-value target if endpoint security is weak. Organizations should treat Recall as a feature requiring explicit policy review and device hardening before adoption.

The fact that AI model binaries ship even to non-Copilot+ PCs expands the code footprint on every updated machine, increasing disk usage and potential attack surface. The new Text and Image Generation control page is a welcome transparency tool, but it only tracks apps that self-report usage. It cannot substitute for deeper endpoint monitoring or application allow-listing.

Rollout Recommendations

For home users: If you value the new UI polish (the seconds clock, File Explorer dividers, improved search) and aren’t tight on disk space, install via Windows Update. Don’t panic if Recall or other AI features stay hidden—they’ll activate only when Microsoft flips the switch for your device.

For IT administrators:

  • Pilot first. Choose a ring covering consumer, Copilot+, ARM64, and domain-joined hardware. Test critical apps, sign-in flows, backup/restore, and management tooling.
  • Check disk and bandwidth. Ensure endpoints have enough free space for the multi-GB .msu. Use Delivery Optimization, WSUS, or pre-cache from the Microsoft Update Catalog.
  • Audit SMB posture. Enable SMB auditing tools in monitoring mode before enforcement.
  • Inventory scripts. Hunt for PowerShell 2.0 dependencies and migrate them. Validate backup applications with ReFS volumes.
  • Define Recall policy. If you plan to enable Recall, set snapshot retention, backup exclusions, and user consent requirements before rollout.
  • Test Windows Backup for Organizations. Run full device backup and restore simulations across different hardware models and driver sets.
  • Communicate. Prepare end-user messaging that explains why some see AI features and others do not, and how to enable visible settings like the notification center clock.
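
An added example for the "Inventory scripts" step (not code from Microsoft or from this article): it searches script files and scheduled-task actions for command lines that explicitly start the 2.0 engine with `powershell -Version 2`. The default `C:\Scripts` path and the file-extension list are assumptions; adjust them for your environment.

```powershell
# Added example: find explicit requests for the PowerShell 2.0 engine.
# $ScanRoot is a hypothetical default; point it at a script share or repo checkout.
param(
    [string]$ScanRoot = 'C:\Scripts'
)

# Matches launches such as:
#   powershell -Version 2 ...    powershell.exe -v 2.0 ...    "...\powershell.exe" -ver 2
# "#requires -Version 2" is NOT matched on purpose: it states a minimum version
# and such scripts still run on the 5.1 engine.
$launch = '\bpowershell(\.exe)?\b.*\s-v(er(sion)?)?\s+2(\.0)?\b'

# 1) Script, batch and task-export files under the scan root.
$fileHits = Get-ChildItem -Path $ScanRoot -Recurse -File `
        -Include *.ps1, *.psm1, *.bat, *.cmd, *.vbs, *.xml -ErrorAction SilentlyContinue |
    Select-String -Pattern $launch |
    ForEach-Object {
        [pscustomobject]@{
            Source   = 'File'
            Location = "$($_.Path):$($_.LineNumber)"
            Detail   = $_.Line.Trim()
        }
    }

# 2) Scheduled tasks on this machine. Run elevated to see tasks owned by other accounts.
$taskHits = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Non-exec actions have no Execute/Arguments, so $cmd is just a space.
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $launch) {
            [pscustomobject]@{
                Source   = 'ScheduledTask'
                Location = $task.TaskPath + $task.TaskName
                Detail   = $cmd
            }
        }
    }
}

# Combined report; an empty result means no explicit 2.0 launches were found here.
@($fileHits) + @($taskHits) |
    Sort-Object Source, Location |
    Format-Table -AutoSize -Wrap
```

Applications that host the 2.0 engine through their own binaries do not show up in a text search like this and need to be checked with the vendor.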

The Bottom Line

KB5065426 is best described as a polish-and-prep release. It tidies dozens of small UI paper cuts—the seconds clock, File Explorer context menus, Task Manager metrics—while seeding the OS with on-device AI components that will light up over time. For owners of Copilot+ PCs with the right licenses, it unlocks genuinely useful productivity enhancements. For enterprise administrators, it delivers essential stability fixes and security hardening aids, but the large payload and feature gating introduce deployment friction that demands a measured, pilot-driven approach. Deploy thoughtfully, test thoroughly, and treat generative features as configurable capabilities requiring both privacy review and operational planning.

If you approach KB5065426 as a cumulative update that happens to carry AI scaffolding rather than a full-blown feature release, you’ll set the right expectations. Home users who install it now get a smoother Windows 11 experience while waiting for AI features to mature; enterprises that pilot with care can harness the reliability gains without stumbling over the deployment complexity.