emergency updates Archives

Winsage

June 11, 2026

Microsoft fixes BitLocker recovery bug on Windows Server 2025

Microsoft has resolved an issue affecting certain Windows Server 2025 devices that were booting into BitLocker recovery mode after the April 2026 security update. This issue was linked to specific BitLocker Group Policy configurations and required users to input their BitLocker recovery key upon the first restart after the update. However, this key would only need to be entered once for subsequent restarts, provided the group policy configuration remained unchanged. The problem primarily affected enterprise systems rather than personal devices. The issue arose under specific conditions: BitLocker was enabled on the operating system drive, a particular Group Policy was set, the Secure Boot State PCR7 Binding was "Not Possible," the Windows UEFI CA 2023 certificate was present, and the device was not already using the 2023-signed Windows Boot Manager. Microsoft released fixes in the KB5094125 and KB5093998 updates to address this problem, preventing devices with incompatible group policy configurations from installing the 2023-signed Windows Boot Manager. Event ID 1032 in the System event log indicates the issue when Windows updates are installed. For IT administrators unable to deploy the latest updates, it is recommended to remove the Group Policy configuration before installing updates or to implement a Known Issue Rollback (KIR) on affected devices. Additionally, Microsoft had previously addressed similar BitLocker recovery issues in August 2024 and May 2025.

Winsage

May 28, 2026

Windows Server 2016 fails to find domain controller

Microsoft has acknowledged an issue with the May 2026 security update for Windows Server 2016, affecting systems with hostnames of exactly 15 characters, which leads to failed domain controller (DC) lookups. The error occurs during DC lookups, specifically returning the error code ERRORINVALIDPARAMETER. Servers with 14 or 16 character hostnames are not affected. Administrators may face challenges with DFS Namespace management and other functions reliant on DC access. Microsoft is investigating the issue but has not provided a timeline for a fix. Windows Server 2016's mainstream support ended in January 2022, but extended support will continue until January 2027.

Winsage

May 10, 2026

Microsoft Confirms KB5083769 Breaks Macrium and Acronis Backups

Microsoft's April 2026 Windows security update, KB5083769, may disrupt image-mount operations for backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup due to the addition of the psmounterex.sys kernel driver to its Vulnerable Driver Blocklist. This action was taken to address a high-severity buffer overflow vulnerability, CVE-2023-43896. The inclusion of this driver in the blocklist has rendered several backup products inoperable, and Microsoft will not retract the block for security reasons. Administrators can use Event ID 3077 in the Code Integrity log to confirm that the blocklist is causing the failures. Microsoft advises updating backup applications to versions that include necessary driver protections instead of uninstalling or pausing the security patch. Additionally, the April updates have caused other issues, such as failures in Windows Server installations and devices booting into BitLocker recovery mode.

Winsage

April 20, 2026

Emergency Update for Windows Server Following Reboot Issues

Microsoft has released emergency updates for various versions of Windows Server due to issues arising from the April 2026 Patch Tuesday security updates. A significant problem was a reboot loop affecting domain controllers caused by crashes of the Local Security Authority Subsystem Service (LSASS), which disrupted authentication services. This issue was especially problematic during the setup of new domain controllers. Additionally, some Windows Server 2025 systems encountered difficulties in installing the security update KB5082063. The out-of-band update (KB5091157) for Windows Server 2025 addresses both the installation failure and the domain controller restart issue. Other updates targeting the domain controller restart problem were released for additional supported Windows Server versions. Microsoft has introduced an out-of-band update for seven versions, including KB5091157 for Windows Server 2025 and KB5091571 for Windows Server, version 23H2. Furthermore, some Windows Server 2025 devices may boot into BitLocker recovery mode after the update, requiring users to enter a BitLocker recovery key.

Winsage

April 20, 2026

Microsoft releases emergency updates to fix Windows Server issues

Microsoft has confirmed that some administrators are experiencing difficulties installing the KB5082063 security update on Windows Server 2025. This month's Patch Tuesday updates have caused certain Windows servers, especially those with domain controller roles, to enter a restart loop due to failures in the Local Security Authority Subsystem Service (LSASS). Microsoft has released emergency out-of-band updates, including KB5091157 for Windows Server 2025, to address both the installation failure and the restart issues. Additionally, some Windows Server 2025 devices may boot into BitLocker recovery mode after installing the KB5082063 update. A bug affecting Windows Server 2019 and Windows Server 2022 that caused unexpected upgrades to Windows Server 2025 has also been resolved. Microsoft has issued various emergency updates throughout the year to address other issues, including a Bluetooth device visibility bug and vulnerabilities in the Routing and Remote Access Service (RRAS).

Winsage

April 16, 2026

Microsoft April Update Forces BitLocker Recovery on Servers

A recent Microsoft security update, April 2026 KB5082063, has caused issues for administrators of Windows Server 2025 and Windows 11 systems, with many devices entering BitLocker recovery mode after reboot, requiring a 48-digit recovery key. This issue primarily affects enterprise-managed systems with specific TPM Group Policy settings involving PCR7 validation. Similar problems have been reported with updates KB5083769 and KB5082052 on Windows 11. The issue arises from five conditions: BitLocker must be enabled on the OS drive, the Group Policy must include PCR7, the msinfo32.exe tool must show Secure Boot State PCR7 Binding as “Not Possible,” the Windows UEFI CA 2023 certificate must be in the Secure Boot Signature Database, and the device must not be using the 2023-signed Windows Boot Manager. Microsoft suggests two workarounds: removing the TPM validation Group Policy before the update and re-enabling BitLocker, or applying a Known Issue Rollback (KIR) before installation. Skipping the April updates is not advisable due to the addressing of 167 vulnerabilities, including two zero-days. BitLocker recovery issues following updates have been recurring since 2022, with similar incidents reported in August 2022, August 2024, and May 2025, indicating ongoing challenges with Secure Boot certificates and TPM validation bindings in enterprise environments.

Winsage

April 16, 2026

Microsoft: April Windows Server 2025 update may fail to install

Microsoft is investigating an issue with the installation of the KB5082063 security update on Windows Server 2025 systems, where users are encountering the 0x800F0983 error code during the deployment of April 2026 cumulative updates. A service alert indicated that a limited number of servers may experience installation failures with this error. Additionally, some Windows Server 2025 devices may unexpectedly boot into BitLocker recovery mode after the update, requiring a BitLocker key, although this is unlikely to affect home users. Microsoft has also resolved a long-standing bug that caused Windows Server 2019 and 2022 systems to upgrade to Windows Server 2025 unexpectedly. Furthermore, Microsoft has released several emergency updates this year to address various security vulnerabilities, including issues with the Routing and Remote Access Service, Bluetooth device visibility, Microsoft account sign-ins, and installation challenges related to the March 2026 non-security preview update.

Winsage

April 16, 2026

Microsoft: April updates trigger BitLocker key prompts on some servers

Microsoft announced that certain Windows Server 2025 devices may experience a BitLocker recovery prompt after installing the April 2026 KB5082063 Windows security update. The recovery mode will be triggered under specific conditions: BitLocker must be enabled on the operating system drive, the Group Policy for TPM validation must be configured with PCR7, the Secure Boot State PCR7 Binding must indicate "Not Possible," the Windows UEFI CA 2023 certificate must be in the Secure Boot Signature Database, and the device must not be using the 2023-signed Windows Boot Manager. Microsoft stated that this issue is unlikely to affect personal devices, as the configurations are mainly found in enterprise-managed systems. They are working on a resolution and recommend administrators remove the Group Policy configuration before deploying the update. If removal is not possible, applying a Known Issue Rollback (KIR) is advised to prevent triggering the recovery prompt. Microsoft has previously addressed similar BitLocker recovery prompt issues in May 2025, August 2024, and August 2022.

Winsage

April 15, 2026

Microsoft fixes bug behind Windows Server 2025 automatic upgrades

Microsoft has resolved an issue that caused unexpected upgrades from Windows Server 2019 and 2022 to Windows Server 2025. This problem was first reported in September 2024 when administrators found their servers upgraded without the necessary licenses. Initially, Microsoft attributed the issue to misconfigured third-party update management software, while developers claimed it was due to Microsoft's procedural errors regarding update release speed and classification. Microsoft confirmed the resolution of the issue and re-enabled the upgrade offer through the Windows Update settings. Additionally, Microsoft released an out-of-band update to address complications from a previous non-security preview update and deployed emergency updates to fix sign-in disruptions across various applications. Other updates were issued to resolve Bluetooth visibility issues and security vulnerabilities in the Routing and Remote Access Service management tool.

Winsage

April 5, 2026

Microsoft Ships Emergency Windows 11 Fix for Broken Patch

On March 31, Microsoft released emergency update KB5086672 in response to issues caused by the previous preview patch KB5079391, which left many Windows 11 devices in a loop with error code 0x80073712, blocking access to March security fixes. Microsoft withdrew KB5079391, which was launched on March 26, and replaced it with KB5086672, a cumulative update that includes all fixes from March 2026. KB5086672 supersedes previous updates, including KB5079473, KB5085516, and KB5079391. Users with the "Get the latest updates as soon as they’re available" setting will receive KB5086672 automatically, while others can manually check for updates or download it from the Microsoft Update Catalog. Microsoft has been issuing multiple emergency updates recently, raising concerns about the quality of its update pipeline, with a history of emergency patches for various issues affecting Windows 10, Windows 11, and Windows Server. The issues from KB5079391 may resurface in the upcoming April cumulative update.