Last updated: May 13, 2026 at 5:42 AM UTC
Tag: active-directory (1 article)

Microsoft April patches cause reboot loops on Windows Server 2025 and 2022 domain controllers - LSASS crash breaks authentication

Microsoft has confirmed that the April 2026 cumulative updates (KB5082063 for Windows Server 2025, KB5082142 for Windows Server 2022) are causing LSASS crashes that trigger reboot loops on non-Global Catalog domain controllers in environments using Privileged Access Management (PAM). Affected DCs restart repeatedly, preventing authentication and directory services from functioning, potentially rendering the entire domain unavailable. The issue also occurs when setting up new domain controllers or on existing ones processing authentication requests early in startup. A separate bug causes the April update to fail installation entirely on some Windows Server 2025 systems with error code 0x800F0983. A third issue forces some servers into BitLocker recovery mode due to Secure Boot changes bundled in the update. This is the third consecutive year April Patch Tuesday has broken Windows Server authentication - similar LSASS/domain controller issues hit in April 2024 and April 2025.

Check
If you run Active Directory and use Privileged Access Management (PAM), do NOT deploy the April 2026 updates to domain controllers without Microsoft mitigation guidance.
Affected
Non-Global Catalog (non-GC) domain controllers on Windows Server 2025 (KB5082063), Windows Server 2022 (KB5082142), Server 23H2, Server 2019, and Server 2016, specifically in environments using Privileged Access Management (PAM). Consumer Windows devices are not affected.
Fix
Hold deployment of the April 2026 cumulative update on affected domain controllers. Contact Microsoft Support for Business to access the official mitigation - it can be applied both before and after the April update. Microsoft is working on a permanent fix in a future Windows update. For BitLocker recovery issues: ensure you have recovery keys accessible before patching. Non-DC member servers and workstations should still be patched on schedule to close the zero-day vulnerabilities (SharePoint CVE-2026-32201, Defender CVE-2026-33825) covered in our April 15 report.
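The hold described above only works if you know which domain controllers actually match the affected profile (non-Global Catalog DCs in a forest where the PAM optional feature is enabled) and whether the April cumulative update has already landed on them. The following PowerShell inventory script is an added example, not code from the article or from Microsoft. It assumes the ActiveDirectory RSAT module is installed, that the account running it can read the domain and query hotfixes on each DC over RPC, and that the PAM optional feature carries the display name 'Privileged Access Management Feature'; the KB numbers are the two named in the article, and DCs on other affected versions are flagged as at risk without a KB check.

```powershell
# Added example (not from the original article or Microsoft): inventory the
# domain controllers the April 2026 LSASS reboot-loop issue applies to, so the
# update can be held on exactly those hosts.
# Assumptions: ActiveDirectory RSAT module present; the running account can
# read the domain and run Get-HotFix against each DC; the PAM optional feature
# is named 'Privileged Access Management Feature'.
Import-Module ActiveDirectory

# KB numbers taken from the article. Other affected versions (23H2, 2019, 2016)
# have no KB listed there, so they are flagged at risk but not KB-checked.
$AprilKBs = @{
    'Windows Server 2025' = 'KB5082063'
    'Windows Server 2022' = 'KB5082142'
}

# Step 1: is the PAM optional feature enabled in this forest at all?
# EnabledScopes is empty until Enable-ADOptionalFeature has been run.
$pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
$pamEnabled = ($null -ne $pam) -and ($pam.EnabledScopes.Count -gt 0)
Write-Host "PAM optional feature enabled: $pamEnabled"

# Step 2: enumerate every DC; non-GC DCs in a PAM forest are the affected set.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $atRisk = $pamEnabled -and (-not $dc.IsGlobalCatalog)

    # Map the DC's OS string (e.g. 'Windows Server 2022 Datacenter') to a KB.
    $kb = $null
    foreach ($os in $AprilKBs.Keys) {
        if ($dc.OperatingSystem -like "$os*") { $kb = $AprilKBs[$os] }
    }

    # Step 3: where a KB is known, check whether it is already installed.
    # Pull the full hotfix list so an unreachable host reads as 'unknown'
    # rather than being mistaken for 'not installed'.
    $installed = 'n/a'
    if ($kb) {
        try {
            $hotfixes  = Get-HotFix -ComputerName $dc.HostName -ErrorAction Stop
            $installed = [bool]($hotfixes | Where-Object HotFixID -eq $kb)
        } catch {
            $installed = 'unknown'
        }
    }

    [pscustomobject]@{
        HostName        = $dc.HostName
        OperatingSystem = $dc.OperatingSystem
        IsGlobalCatalog = $dc.IsGlobalCatalog
        AtRisk          = $atRisk
        AprilKB         = $kb
        KBInstalled     = $installed
    }
}

$report | Sort-Object AtRisk -Descending | Format-Table -AutoSize

# Hold the update on every at-risk DC that is not confirmed patched
# ('unknown' and 'n/a' are treated conservatively as not patched).
# At-risk DCs that already have the KB need the Microsoft Support mitigation
# the article refers to.
$report | Where-Object { $_.AtRisk -and $_.KBInstalled -ne $true } |
    ForEach-Object { Write-Warning "Hold April 2026 update on $($_.HostName)" }
```

Run it from a management host with RSAT before approving the April update in WSUS or your patch tool; the warning lines are the exclusion list, and the table shows which already-patched DCs should be on the call with Microsoft Support for the mitigation.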