Microsoft releases emergency updates to fix Windows Server issues

Microsoft Releases Emergency Updates to Fix Windows Server Issues (April 2026)

1. Overview

• In response to issues triggered by the April 2026 security updates, Microsoft issued out-of-band (OOB) updates to address critical problems affecting Windows Server deployments.
• The problems include installation failures on Windows Server 2025 when applying the KB5082063 security update and restart loops on domain controllers caused by LSASS crashes after the monthly Patch Tuesday updates.
• Additional complications surfaced when some servers booted into BitLocker recovery after the KB5082063 install, and a long-standing upgrade bug that could push Windows Server 2019 and Windows Server 2022 instances toward Windows Server 2025 unexpectedly was resolved.
• Microsoft characterized the OOB releases as targeted fixes designed to stabilize affected server roles and minimize disruption during startup and authentication processes.

1. Root Causes and Symptom Set

• Installation failures: Administrators applying KB5082063 on Windows Server 2025 devices could encounter failures during the update process.
• Domain controller restarts: Some domain controllers experienced automatic restart loops due to LSASS crashes following the regular security updates.
• Early authentication requests: The restart issue could be triggered when server processes authentication requests very early during startup, particularly on domain controllers.
• BitLocker recovery prompt: A subset of Windows Server 2025 devices could boot into BitLocker recovery mode after installing the security update, requiring a BitLocker key to continue.
• Upgrade irregularities: A bug that caused Windows Server 2019 and Windows Server 2022 machines to upgrade unexpectedly to Windows Server 2025 was addressed, reducing unintended cross-version migrations.

1. Affected Windows Server Versions and Corresponding KBs

• Windows Server 2025: KB5091157 (OS Build 26100.32698)
• Windows Server, version 23H2: KB5091571 (OS Build 25398.2276)
• Windows Server 2022: KB5091575 (OS Build 20348.5024)
• Windows Server 2019: KB5091573 (OS Build 17763.8647)
• Windows Server 2016: KB5091572 (OS Build 14393.9062)
• Windows Server 2025 Datacenter: Azure Edition: Hotpatch KB5091470 (OS Build 26100.32704)
• Windows Server 2022 Datacenter: Azure Edition: Hotpatch KB5091576 (OS Build 20348.5029)

1. What the KBs Address

• KB5091157 (Windows Server 2025) targets both the installation failure of KB5082063 and the domain controller restart issue, delivering a unified fix for these two critical problems.
• KB5091571, KB5091575, KB5091573, KB5091572, and the Azure Edition hotpatches provide targeted remedies to the domain controller restart issue in their respective environments, with the Windows Server 2025 OOB update offering the broader resolution.
• The updates for Azure Edition hotpatches (Datacenter variants) focus on maintaining stability in cloud-augmented server deployments where hotpatching is in use.
• In addition to these core fixes, Microsoft noted related protective measures and post-update behavior observed across different server roles, emphasizing that OOB updates for non-2025 versions address the domain controller restart issue primarily.

1. More Context: Related Out-of-Band Updates and Earlier Fixes

• Earlier in the year, Microsoft rolled out emergency fixes for a Bluetooth device visibility bug that affected certain Windows 11 hotpatch-enabled devices.
• Additional hotpatches addressed a RRAS (Routing and Remote Access Service) RCE vulnerability affecting Windows 11 Enterprise devices configured with hotpatching.
• Separate out-of-band updates were issued to resolve issues with sign-in using Microsoft accounts and to address installation problems related to the March 2026 non-security preview update.
• These broader OOB updates illustrate Microsoft’s ongoing approach to stabilizing a range of Windows server and client components outside the regular monthly cadence.

1. Messaging from Microsoft

• The company clarified that the Windows Server 2025 OOB update (KB5091157) provides a combined fix for both the installation failure and the domain controller restart issue, while OOB updates for other supported Windows Server versions primarily address the domain controller restart issue.
• Admins were advised to review the specific Microsoft support articles corresponding to each KB to confirm scope, OS build compatibility, and any post-install considerations.
• The emphasis remained on rapid remediation to reduce disruption on servers with DC roles and to prevent cascading restart loops in environments reliant on Active Directory.

1. Related Reads and Continuations

• Microsoft: Some Windows servers enter reboot loops after April patches.
• Microsoft: April Windows Server 2025 update may fail to install.
• New Windows 11 emergency update fixes preview update install issues.
• New Windows 11 hotpatch fixes Bluetooth device visibility issue.
• Recently leaked Windows zero-days now exploited in attacks.
• These entries provide broader context for ongoing security maintenance and the ecosystem of emergency updates beyond the Windows Server family.

1. Closing Notes on the Update Landscape

• The April 2026 emergency updates underscore Microsoft’s commitment to rapid response when security and stability regressions surface in enterprise environments.
• Administrators managing Windows Server fleets should track the availability of these KBs, verify OS build compatibility, and monitor for any reboot behavior following the updates.
• The evolving nature of out-of-band patches demonstrates the importance of aligning server maintenance windows with the latest fixes to minimize service disruption and preserve authentication and domain controller health.