April Windows Server Update Triggers Domain Controller Reboot Loops
Microsoft said the Windows security update KB5082063 can cause some Windows domain controllers to enter continuous reboot loops after LSASS crashes during startup. The issue affects non-Global Catalog domain controllers in environments using Privileged Access Management, disrupting Active Directory authentication and directory services and potentially making affected domains unavailable. Impacted platforms include Windows Server 2016, 2019, 2022, 23H2, and 2025, while consumer systems and devices outside IT-managed domains are not affected.
Microsoft has not yet released a fix and is advising affected organizations to contact Microsoft Support for Business for mitigation guidance. The company also acknowledged two other known issues tied to KB5082063: installation failures on some Windows Server 2025 systems and BitLocker recovery key prompts on some Windows Server 2025 devices. The incident adds to a string of recent Windows Server update problems that have affected domain controllers and authentication services in enterprise environments.
Timeline
Apr 20, 2026
Microsoft releases emergency OOB updates for KB5082063 server issues
Microsoft issued out-of-band emergency updates to fix problems caused by the April 2026 security updates across multiple Windows Server versions. The Windows Server 2025 OOB update KB5091157 addressed both KB5082063 installation failures and domain controller reboot loops, while OOB updates for other supported server versions fixed the restart-loop issue.
Apr 17, 2026
Microsoft advises affected admins to contact support while fix is developed
Microsoft said it was still developing a fix for the KB5082063 reboot-loop issue and directed impacted administrators to Microsoft Support for Business for mitigation guidance. The company also noted separate April 2026 problems tied to the same update, including installation failures and BitLocker recovery prompts on some Windows Server 2025 systems.
Apr 17, 2026
Microsoft confirms April KB5082063 causes domain controller reboot loops
Microsoft disclosed that the April 2026 Windows security update KB5082063 can trigger LSASS crashes during startup on some non-Global Catalog domain controllers in Privileged Access Management environments, causing continuous reboot loops. The issue affects Windows Server 2016, 2019, 2022, 23H2, and 2025 and can disrupt authentication and directory services.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Windows Update Bug Triggers BitLocker Recovery Mode on Reboot
A bug in recent Windows security updates has caused some systems to unexpectedly boot into BitLocker recovery mode after installation and reboot. Microsoft confirmed that the issue primarily affects Intel devices with Connected Standby (Modern Standby) support, impacting platforms such as Windows 11 24H2, 25H2, and Windows 10 22H2. Users encountering this problem are required to enter their BitLocker recovery key to regain access, after which the system resumes normal operation without further prompts. Microsoft has acknowledged the problem and advised IT administrators to use a group policy delivered via Known Issue Rollback (KIR) as a mitigation, with further support available through Microsoft Support for business customers. This incident follows similar BitLocker recovery issues triggered by Windows updates in May 2025, August 2024, and August 2022, highlighting a recurring challenge with update compatibility and BitLocker functionality on certain hardware configurations.
1 weeks ago
Windows 11 KB5077181 Patch Tuesday Update Triggers and Fixes Boot Failures
Microsoft’s February 2026 Windows 11 cumulative security update **KB5077181** (for versions **24H2** and **25H2**) was associated with significant boot reliability issues reported shortly after deployment, including systems entering **infinite restart loops** and failing to reach the desktop. Reports described login-time errors (including **System Event Notification Service (SENS)** procedure errors) and network symptoms such as **DHCP failures**, while Microsoft’s public release notes and health dashboard were reported as not listing known issues at the time. The update also shipped broad security remediation, with reporting citing **58 vulnerabilities** addressed and **six actively exploited zero-days** referenced via CISA’s **Known Exploited Vulnerabilities** catalog, including fixes for issues such as SmartScreen bypass (`CVE-2026-21510`), Desktop Window Manager EoP (`CVE-2026-21519`), Remote Desktop Services EoP (`CVE-2026-21533`), and a Notepad RCE via crafted Markdown (`CVE-2026-20841`). Separately, Microsoft stated that **KB5077181** fully resolved a specific Windows 11 boot failure condition affecting a limited set of **commercial physical devices** on **24H2/25H2** that could become unbootable (e.g., **"UNMOUNTABLE_BOOT_VOLUME"**) after installing **KB5074109** or later updates when a **December 2025** security update had previously failed and rolled back, leaving the OS in an “improper state.” Microsoft indicated an earlier mitigation shipped in the optional preview update **KB5074105** (Jan 29, 2026) to prevent additional devices from being impacted, and that the February Patch Tuesday release delivered the complete fix; the issue was not reported as affecting home users or virtual machines.
1 months ago
Microsoft Windows January Updates Trigger Shutdown/Reboot Bug on VSM-Enabled Systems
Microsoft confirmed a **known issue** introduced by January Windows updates that can prevent affected PCs from shutting down properly, sometimes causing an unexpected reboot when users attempt to shut down. The problem is tied to systems with **Virtual Secure Mode (VSM)** / **Virtualization-Based Security (VBS)** enabled, which uses hardware virtualization to create a protected “secure kernel” intended to isolate sensitive assets (e.g., credentials, cryptographic keys, and security tokens) and underpin features like **Credential Guard**, **Device Guard**, and **Hypervisor-Protected Code Integrity**. Microsoft reports the issue affects **Windows 10 22H2**, **Windows 10 Enterprise LTSC 2021**, and **Windows 10 Enterprise LTSC 2019** when VSM is enabled and the **KB5078131** or **KB5073724** updates are installed; it was previously observed on **Windows 11 23H2** systems with **KB5073455** and **System Guard Secure Launch** enabled. As a temporary workaround, Microsoft advises impacted users to shut down via command line using `shutdown /s /t 0` while a broader fix for VSM-enabled systems is developed (with out-of-band updates already issued for the Windows 11 variant).
1 months ago