Microsoft has taken proactive measures to address several critical issues impacting Windows Server systems following the April 2026 security updates. In a recent announcement, the tech giant confirmed that some administrators have encountered difficulties when attempting to install the KB5082063 security update on devices running Windows Server 2025.
Out-of-Band Updates Released
Compounding the situation, this month’s Patch Tuesday cumulative updates have led to a troubling scenario where certain Windows servers, particularly those with domain controller roles, are caught in a restart loop. This is attributed to failures in the Local Security Authority Subsystem Service (LSASS), which is essential for managing security policies and user authentication.
Microsoft has cautioned that these issues may also arise during the setup of new domain controllers or even affect existing ones if the server attempts to process authentication requests too early in the startup sequence.
To mitigate these challenges, Microsoft has rolled out emergency out-of-band updates for the affected Windows Server versions. Specifically, the Windows Server 2025 OOB update (KB5091157) is designed to resolve both the installation failure and the domain controller restart problems. Meanwhile, OOB updates for other supported Windows Server versions focus solely on addressing the restart issue.
In a related development, Microsoft alerted administrators that certain Windows Server 2025 devices may unexpectedly boot into BitLocker recovery mode, prompting users to enter a BitLocker key after the installation of the KB5082063 update. This adds another layer of complexity for system administrators managing these environments.
Additionally, Microsoft has finally tackled a longstanding bug that has affected Windows servers since September 2024. This issue caused devices running Windows Server 2019 and Windows Server 2022 to upgrade to Windows Server 2025 without prior notice, creating further disruption for IT departments.
Throughout the year, Microsoft has also issued emergency updates to resolve various other issues, including a Bluetooth device visibility bug and security vulnerabilities within the Routing and Remote Access Service (RRAS) management tool, particularly impacting hotpatch-enabled Windows 11 Enterprise devices. Furthermore, two additional sets of out-of-band updates have been released to rectify sign-in problems with Microsoft accounts and installation issues related to the March 2026 non-security preview update.
