Microsoft's December 2025 cumulative update KB5072033 for Windows 11 has triggered widespread reports of unexpected memory consumption, with users across forums and IT departments documenting significant RAM usage by the Delivery Optimization service (DoSvc) and changes to the AppX Deployment Service (AppXSVC). While Microsoft officially documented the AppXSVC configuration change as an intentional reliability improvement, the community has identified what appears to be a memory leak in DoSvc that's impacting system performance, particularly on constrained devices.

The Official Changes in KB5072033

According to Microsoft's official documentation, KB5072033 advances Windows 11 to builds 26200.7462 for version 25H2 and 26100.7462 for version 24H2. The update includes security hardening, quality improvements to File Explorer's dark mode, and Copilot reliability enhancements. The most significant operational change documented by Microsoft is the modification of the AppX Deployment Service (AppXSVC) from a trigger-start service to an Automatic startup type.

Microsoft states this change was made to "improve reliability in some isolated scenarios," but this seemingly minor configuration adjustment has had substantial real-world consequences. Services that previously remained dormant until needed now run continuously from system boot, creating measurable overhead on systems with limited resources.

Community Reports of Memory Issues

Windows enthusiasts and IT administrators began reporting problems shortly after installing KB5072033. The WindowsForum discussion reveals consistent patterns across user experiences:

  • Delivery Optimization Service Memory Growth: Users report that DoSvc processes show steadily increasing memory consumption over time, sometimes reaching levels that noticeably impact system responsiveness. This is particularly problematic on systems with 4-8GB of RAM where background services consume a significant percentage of available memory.

  • Monitoring System Alerts: Enterprise environments have experienced increased monitoring noise, with systems like Zabbix generating false positive alerts due to AppXSVC start/stop cycling. The service starts automatically at boot, performs minimal work, stops, then restarts because of its Automatic flag—creating a cycle that monitoring systems interpret as failure events.

  • Performance Impact on Constrained Systems: Laptops, low-end desktops, virtual desktop infrastructure (VDI) hosts, and Remote Desktop Session Hosts show the most noticeable performance degradation. Users report UI stutters, gaming performance drops, and reduced multitasking capability.

Technical Analysis: Why These Changes Matter

Trigger-Start vs. Automatic Services

Understanding the difference between trigger-start and automatic services is crucial to grasping why KB5072033's changes have such impact. Trigger-start services remain dormant until a specific system event or user action requires them. This design preserves memory and CPU resources for foreground applications. When a service switches to Automatic startup, its binary and thread pools initialize at system boot and remain resident in memory even when idle.

On modern systems with ample RAM, this overhead is negligible. However, on constrained devices or consolidated server environments, these always-on services become measurable performance costs. The WindowsForum analysis notes that even idle services maintain code mapping in memory, registered timers, worker threads, and potentially cached state—all consuming resources that could otherwise support user applications.

Delivery Optimization's Memory Management

The Delivery Optimization service implements Microsoft's peer-to-peer update distribution system, allowing Windows devices to share update files locally rather than downloading everything from Microsoft servers. This service includes complex caching mechanisms, peer discovery protocols, and network state management.

Community analysis suggests several potential causes for the observed memory growth:

  • Unbounded Memory Caches: DoSvc's caching mechanisms may not be properly trimmed under the new service timing or trigger semantics introduced by KB5072033
  • Reference Retention Issues: Worker threads or queues might allocate objects and retain references, preventing proper garbage collection or memory freeing
  • Latent Code Path Bugs: The new service startup timing could initialize subsystems earlier than before, exposing previously dormant bugs in rarely executed code paths

These issues manifest as steady RAM consumption growth even when CPU and network usage appear normal—classic symptoms of a memory leak.

Who's Most Affected by These Issues?

Based on community reports and technical analysis, several user groups face particular challenges:

Home Users with Limited Hardware

Systems with 4-8GB of RAM show the most dramatic performance impacts. The WindowsForum discussion notes that background resident memory becomes "a material percentage of available physical memory" on these devices, leading to noticeable slowdowns during multitasking, gaming, or media consumption.

Enterprise and IT Environments

Organizations managing VDI deployments, Remote Desktop Session Hosts, and consolidated server environments face operational challenges. Every resident process impacts density and monitoring, and the start/stop cycling of AppXSVC generates excessive monitoring alerts that flood IT support queues.

Gaming and Performance-Conscious Users

Even systems with ample RAM can experience performance degradation, particularly during gaming sessions where consistent frame rates matter. Background memory consumption can interfere with game performance, causing stutters and reduced responsiveness.

How to Check if You're Affected

Quick Diagnostic Steps

  1. Task Manager Analysis: Press Ctrl+Shift+Esc to open Task Manager, sort processes by Memory usage, and look for Delivery Optimization (DoSvc) or its svchost.exe host process showing unusual memory growth over time

  2. Resource Monitor: Open resmon.exe (Resource Monitor) for deeper inspection of private bytes, working set, handles, and thread counts for DoSvc processes

  3. Build Verification: Check your Windows version by pressing Win+R, typing "winver," and confirming you're running builds 26200.7462 or 26100.7462

Advanced Diagnostic Tools

The WindowsForum discussion recommends several tools for thorough investigation:

  • Process Explorer: Microsoft's advanced process monitoring tool provides detailed memory allocation information
  • RAMMap: Analyzes physical memory allocation to identify memory leaks
  • ProcMon: Monitors file system, registry, and process activity to correlate with memory growth
  • Performance Monitor: Tracks service performance counters over time

Immediate Mitigations and Workarounds

For Home Users: Delivery Optimization Settings

The simplest first step for most users involves adjusting Delivery Optimization settings:

  1. Open Settings → Windows Update → Advanced options → Delivery Optimization
  2. Toggle "Allow downloads from other PCs" to Off
  3. Alternatively, set bandwidth limits under Advanced options to restrict DoSvc's activity

These changes limit the service's operation without disabling core update functionality and are fully reversible.

For Persistent Issues: Service Management

If adjusting settings doesn't resolve memory issues, more direct intervention may be necessary:

Temporarily Disable Delivery Optimization:
- Open Services.msc (services.msc)
- Find "Delivery Optimization" service
- Click Stop and set Startup type to Disabled
- Reboot to apply changes

Registry Alternative:
- Open Registry Editor as Administrator
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DoSvc
- Modify the Start REG_DWORD value to 4 (Disabled)
- Reboot to apply

For Enterprise Environments: AppXSVC Reversion

IT administrators managing servers or VDI environments may need to revert AppXSVC to its previous configuration:

# Open elevated PowerShell or Command Prompt
sc config AppXSVC start= demand

This command changes AppXSVC back to manual (trigger-start) operation, which community reports indicate reduces monitoring noise and memory consumption on sensitive hosts.

Risks and Considerations

Performance vs. Functionality Trade-offs

Each mitigation carries specific trade-offs:

  • Disabling Delivery Optimization: Updates download directly from Microsoft servers, potentially increasing bandwidth usage on constrained connections
  • Reverting AppXSVC: May introduce delays in Microsoft Store app deployment and registration, though most desktop users won't notice this impact
  • Registry Modifications: Incorrect changes can break system servicing behavior; always prefer official commands (sc config) or managed policy changes

Enterprise Management Considerations

Organizations should:

  1. Test mitigations in pilot groups before widespread deployment
  2. Consider using Group Policy or Microsoft Intune for consistent configuration management
  3. Monitor for Microsoft's Known Issue Rollback (KIR) packages that may provide official fixes
  4. Maintain system restore points or snapshots before making service configuration changes

Microsoft's Response and Future Outlook

Current Official Position

As of this writing, Microsoft has:

  • Officially documented the AppXSVC startup type change in KB5072033 release notes
  • Not issued a public advisory acknowledging a Delivery Optimization memory leak specifically linked to this update
  • Continued to monitor community feedback through official channels

Historical Context and Expectations

Microsoft typically addresses post-update regressions through several channels:

  • Next Patch Tuesday: Bundling fixes into regular monthly updates
  • Out-of-Band Hotfixes: Issuing emergency patches for critical issues
  • Known Issue Rollbacks: Providing enterprise customers with configuration reversal tools

Administrators should monitor the Windows release health dashboard and Microsoft Q&A forums for official updates.

Best Practices for Affected Users

Home User Action Plan

  1. Monitor First: If you're not experiencing noticeable slowdowns, continue monitoring without immediate action
  2. Gradual Intervention: Start with Delivery Optimization settings adjustments before disabling services
  3. Driver Updates: Ensure graphics and firmware drivers are current, as these often mitigate performance issues
  4. Feedback Submission: Use Windows Feedback Hub to report issues with detailed descriptions and performance traces

Enterprise Administrator Strategy

  1. Pilot Testing: Deploy KB5072033 to test groups before production rollout
  2. Monitoring Configuration: Adjust monitoring thresholds to account for AppXSVC start/stop cycling
  3. Scripted Remediation: Use Group Policy Preferences or PowerShell scripts for consistent service configuration management
  4. Diagnostic Collection: Gather Process Explorer, RAMMap, and ETW traces for Microsoft support cases

Long-Term Implications and Lessons

Configuration Management in Cumulative Updates

KB5072033 highlights the challenges of configuration changes in mass-deployed operating system updates. What Microsoft describes as a "reliability tweak" for "isolated scenarios" has created widespread operational impacts. This underscores the importance of:

  • Thorough Testing: Both Microsoft's internal testing and community preview programs
  • Gradual Rollouts: Phased deployment strategies that catch issues before widespread impact
  • Clear Communication: Detailed documentation of configuration changes and their potential impacts

Community-Driven Problem Solving

The WindowsForum discussion demonstrates the power of community collaboration in identifying and addressing Windows issues. Users sharing experiences, diagnostic results, and workaround strategies create collective knowledge that benefits all Windows users. This community-driven approach complements Microsoft's official support channels and often surfaces issues more quickly than traditional support escalation paths.

Conclusion: Balancing Security, Reliability, and Performance

KB5072033 represents a classic technology management challenge: balancing security improvements and reliability enhancements against system performance and stability. The update delivers important security hardening while introducing operational changes that have unintended consequences for some users.

The community's response—methodical diagnosis, practical workarounds, and constructive feedback—provides a model for addressing similar issues in the future. For now, affected users have multiple mitigation options ranging from simple settings adjustments to more comprehensive service configuration changes.

As Windows continues to evolve through cumulative updates, both Microsoft and the user community must maintain this collaborative approach to problem-solving. The KB5072033 experience reinforces that even small configuration changes in a massively deployed operating system can have significant real-world impacts, and that careful testing, monitoring, and community engagement remain essential components of the Windows ecosystem.