Microsoft: Some Windows servers enter reboot loops after April patches
Microsoft April 2026 Windows Server patch causes LSASS crashes and reboot loops on domain controllers.
Summary
Microsoft confirmed that its April 2026 security update (KB5082063) is causing LSASS crashes and restart loops on non-Global Catalog domain controllers in environments using Privileged Access Management (PAM), affecting Windows Server 2025, 2022, 23H2, 2019, and 2016. The issue prevents authentication and directory services from functioning, potentially rendering affected domains unavailable. Microsoft is developing a fix and advises affected admins to contact Microsoft Support for Business for mitigation guidance.
Full text
Microsoft: Some Windows servers enter reboot loops after April patches By Sergiu Gatlan April 17, 2026 03:59 AM 0 Microsoft has confirmed that some Windows domain controllers are entering restart loops due to Local Security Authority Subsystem Service (LSASS) crashes after installing the April 2026 security updates. The company also warned that Windows admins may encounter this issue when setting up new domain controllers, or even on existing ones, if the server processes authentication requests very early in the startup process. "After installing the April 2026 Windows security update (KB5082063) and rebooting, non‑Global Catalog (non‑GC) domain controllers (DCs) in environments that use Privileged Access Management (PAM), might experience LSASS crashes during startup," Microsoft said in a release health dashboard update. "As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable." This known issue only impacts organizations using Privileged Access Management (PAM) and is unlikely to affect personal devices that aren't managed by an IT department. The list of affected platforms includes systems running Windows Server 2025, Windows Server 2022, Windows Server 23H2, Windows Server 2019, and Windows Server 2016. While Microsoft is still working on a fix, it advised IT administrators to contact Microsoft Support for Business for mitigation measures that can be applied even after deploying the April 2026 update. Microsoft has addressed multiple domain controller issues caused by security updates in recent years, most recently resolving Windows Server authentication problems in June 2025, which were caused by the April 2025 security updates. Almost a year earlier, in May 2024, it fixed another known issue that triggered NTLM authentication failures and domain controller reboots after deploying the April 2024 Windows Server security updates. In March 2024, it released emergency out-of-band (OOB) updates to fix Windows domain controller crashes after installing the March 2024 Windows Server security patches. Microsoft is now also investigating a separate issue causing this month's KB5082063 Windows security update to fail to install on some Windows Server 2025 systems. On Wednesday, it also warned admins that some Windows Server 2025 devices may also prompt users to enter a BitLocker key after deploying the KB5082063 update. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: Microsoft fixes bug behind Windows Server 2025 automatic upgradesMicrosoft: April updates trigger BitLocker key prompts on some serversMicrosoft: April Windows Server 2025 update may fail to installRecently leaked Windows zero-days now exploited in attacksNew Windows 11 emergency update fixes preview update install issues