Microsoft releases Windows Server update fix to fix its April update fixes

Out-of-band or out of control?

by · The Register

Microsoft has pushed out an out-of-band update to address the restart loop that hit some Windows Server devices after its April update.

The fix will spare administrators the headache of forced server restarts after installing the April 2026 update. (A reminder that deploying any Microsoft update directly to production without thorough testing is, to put it charitably, a bold life choice.)

Microsoft said of the botched update, "After installing the April 2026 Windows security update (KB5082063) and rebooting, domain controllers (DCs) in environments with multiple domains in the forest that use Privileged Access Management (PAM), might experience LSASS crashes during startup.

"As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable."

A Windows domain outage can have serious consequences. Any resource requiring authentication - network shares for example - may become inaccessible.

Microsoft veteran says some 'broken by update' PCs were already doomed: Patch Tuesday often gets blamed when a reboot merely exposes damage already done, according to ChenRichard Speed, 02 Apr 2026

The issue affected Windows Server 2016 through 2025, and was serious enough that Microsoft issued an out-of-band update, with hotpatches also available.

The fixes also address failed installations, though a Domain Controller restarting unexpectedly is the likelier source of panicked support tickets from users locked out of critical resources.

Only Windows Servers were affected by the restart issue; Windows devices dodged the update bullet this time. But there is a known issue with the April update where "some devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key on the first restart after installing this update."

The problem should affect only enterprise devices.

Out-of-band updates, which should be the exception rather than the norm, have become a way of life for Windows administrators. Microsoft had to issue one in March after breaking app sign-in with a Microsoft account, and it had to put out another out-of-band in April to address the domain controller restart problem.

Affected users could be forgiven for thinking "out-of-band" is starting to sound a lot like "out of control" as far as Microsoft's quality control is concerned. ®

Microsoft fixes broken Windows update days after vowing fewer broken updates: The era of reliability begins... right after this out-of-band patchRichard Speed, 23 Mar 2026Microsoft yanks Windows 11 preview update after install failures: KB5079391 pulled after some devices hit errors, adding to recent quality woesRichard Speed, 30 Mar 2026Microsoft veteran says some 'broken by update' PCs were already doomed: Patch Tuesday often gets blamed when a reboot merely exposes damage already done, according to ChenRichard Speed, 02 Apr 2026Microsoft reaches for yet another out-of-band patch to deal with latest update issue: Weren't these supposed to be 'atypical'?Richard Speed, 31 Mar 2026