Microsoft’s September 9, 2025 cumulative update for Windows 11 24H2, KB5065426 (OS Build 26100.6584), is no ordinary patch. Weighing in at roughly 3.8GB for offline installers, it packs on-device AI model binaries and enables a suite of Copilot+ features on a wider range of hardware, moving beyond monthly security fixes to deliver visible UI refinements and new capabilities. The update follows Microsoft’s dual-strategy of shipping code and models in the cumulative while gating feature enablement behind server-side flags, hardware checks, and licensing entitlements—meaning two identical builds can behave differently depending on the device and tenant configuration.

A hefty download: on-device AI models bulk up the patch

The most immediate operational change is the sheer size of this month’s update. Independent catalog checks place the offline .msu packages at approximately 3.6–3.8GB per architecture, a significant jump from typical monthly cumulatives. The bulk comes from on-device AI components required for Copilot+ experiences such as Recall, the Settings Agent, and new File Explorer actions. For home users on metered connections and enterprises with bandwidth constraints, this demands a rethink of deployment strategies. Administrators should plan distribution windows carefully, using the Microsoft Update Catalog and WSUS to cache packages locally and avoid repeated WAN transfers. The staging model also means installing KB5065426 does not guarantee immediate feature availability; server-side flags and hardware attestations still control what appears.

Recall gets a new Home page

Recall—Microsoft’s opt-in snapshot and history feature—opens to a redesigned Home landing page after this update. The new layout surfaces recent snapshots, top apps, and frequently visited websites, with a left navigation rail offering quick access to Home, Timeline, Feedback, and Settings. Snapshots remain locally encrypted and protected by Windows Hello. Recall is currently exclusive to Copilot+ hardware, and IT administrators should validate retention policies and export controls before enabling it in managed environments. The redesign aims to reduce friction when resuming workflows, but its privacy implications require a thorough review.

Settings Agent expands to AMD and Intel

Previously limited to Snapdragon-powered Copilot+ PCs, the on-device Settings Agent now arrives on eligible AMD and Intel hardware. This compact local language model accepts plain-English queries to find or recommend system settings, proposing changes only after explicit user confirmation. The agent runs entirely on the device, reducing cloud dependency and latency. Administrators can manage its behavior through policy, making it a controlled entry point for AI-assisted system management. For everyday users, it shortens the path to buried toggles, but privacy teams should audit what settings the agent can modify and ensure group policies lock down sensitive areas.

More polish: widgets, taskbar seconds, and Task Manager fixes

The widget area gains extended customization, allowing users to add, remove, and rearrange lock-screen widgets. A new small widget size option increases layout flexibility, giving users finer control over at-a-glance information. On the taskbar, the clock can now display seconds—a long-requested return for power users who need precise time tracking. System notifications become more prominent by dimming the rest of the screen when an app requests access to sensitive resources, drawing attention to critical permission prompts. Task Manager’s CPU reporting has been standardized across Processes, Performance, and Users views, eliminating the legacy “Processor Utility” inconsistency. For compatibility, the old metric remains available as an optional “CPU Utility” column in the Details view. This change improves diagnostic clarity on multi-core systems, where a single thread previously could misleadingly show 100% utilization.

File Explorer gains AI actions, search shows grids

Right-click context menus in File Explorer now include AI image-editing options such as Blur Background, Remove Background, and Erase Objects, alongside a Summarize action for documents. Some of these actions run locally on Copilot+ devices; others call Copilot or Microsoft 365 backends and require appropriate licensing. This mixed model complicates rollout decisions, as functionality depends on both hardware and tenant entitlements. Windows Search receives practical boosts: image results display in a grid view for faster visual scanning, and a progress indicator shows when indexing is still in progress, clarifying whether search results are complete. Results also indicate whether items are local or cloud-only.

Privacy controls and governance

A new Text & Image Generation page appears under Privacy & security, logging which third-party apps invoked built-in generative models and offering per-app toggles to restrict access. This is a forward step for transparency, but its effectiveness depends on enforcement boundaries. Recall’s local encryption and opt-in model are reassuring, yet enterprises must verify snapshot retention, export mechanics, and whether data loss prevention tooling can cover recorded content. The enhanced permission prompts that dim the background improve user focus but increase the chance of reflexive clicks; administrators should review workflows that depend on unattended approvals.

Enterprise considerations: PowerShell 2.0 removal and backup

Microsoft has begun removing legacy Windows PowerShell 2.0 from 24H2 images. This long-planned deprecation can break scripts or installers that explicitly invoke PS 2.0. Admins must audit and migrate to PowerShell 5.1 or 7.x before broad rollout. On the positive side, Windows Backup for Organizations is nearing general availability, simplifying device refresh and migration for Entra-joined devices. This can materially reduce downtime during hardware swaps but requires integration with existing MDM and backup processes. Testing in pilot rings is essential.

Deployment implications and risks

The September Patchday brings tangible usability wins but introduces operational headwinds. Larger cumulative packages strain storage on devices with limited SSDs and increase bandwidth costs. Feature fragmentation—caused by server-side gating, hardware requirements, and licensing gates—will generate support tickets from users who cannot find features they read about. The on-device AI components expand the privacy surface area; organizations should treat them as a new attack surface until vetted. Some File Explorer AI actions and summarization features require Microsoft 365/Copilot licensing, creating a tiered experience that complicates helpdesk instructions.

What users and administrators should do

Home users on metered connections should review the update size before downloading. Those interested in Recall or the Settings Agent should confirm their device is Copilot+ certified and that their region and language are supported. For IT teams, a structured pilot is critical: test update distribution, validate PowerShell script compatibility, verify backup/restore workflows, and configure policy controls for on-device agents and generative toggles. Use the Microsoft Update Catalog to stage downloads and update knowledge base articles to reflect feature gating and licensing dependencies. Privacy and security teams should test the Text & Image Generation controls and Recall’s data management before flipping on any Copilot+ capabilities at scale.

KB5065426 signals that monthly Windows updates are no longer just about security—they are vehicles for delivering the AI scaffolding that will define Windows 11’s future. The features added this month are meaningful, but the operational shift toward larger, model-heavy packages demands new deployment disciplines. For users, the update is a welcome dose of polish; for enterprises, it is a call to adapt patch management, privacy governance, and licensing strategies to an AI-accelerated world.