Windows Server 2025 Archives

Winsage

May 28, 2026

Windows Server 2016 fails to find domain controller

Microsoft has acknowledged an issue with the May 2026 security update for Windows Server 2016, affecting systems with hostnames of exactly 15 characters, which leads to failed domain controller (DC) lookups. The error occurs during DC lookups, specifically returning the error code ERRORINVALIDPARAMETER. Servers with 14 or 16 character hostnames are not affected. Administrators may face challenges with DFS Namespace management and other functions reliant on DC access. Microsoft is investigating the issue but has not provided a timeline for a fix. Windows Server 2016's mainstream support ended in January 2022, but extended support will continue until January 2027.

Winsage

May 26, 2026

Microsoft: Domain Controller lookup may fail on Windows Server 2016

Microsoft has acknowledged an issue affecting Windows Server 2016 systems related to domain controller lookups after the installation of the KB5087537 security update released in May 2026. The problem occurs specifically for devices with hostnames that are exactly 15 characters long, causing domain controller discovery to fail and resulting in an ERRORINVALIDPARAMETER during DCLocator calls. This issue may disrupt administrative operations that depend on domain controller lookups, such as DFS Namespace management. Microsoft is investigating the issue but has not provided a timeline for resolution.

Winsage

May 25, 2026

Windows zero-days expose gaps in built-in security protections

Two Windows zero-day vulnerabilities, YellowKey and GreenPlasma, have been identified. YellowKey targets the Windows Recovery Environment (WinRE) on Windows 11 and Windows Server 2025, allowing attackers with physical access to bypass BitLocker protections using a USB device. GreenPlasma affects Windows 10, Windows 11, and Windows Server environments with active Collaborative Translation Framework Monitor (CTFMON) sessions, enabling local privilege escalation from a standard user account to SYSTEM-level privileges. Both vulnerabilities require either physical or local access to exploit. Microsoft has not yet released patches for these vulnerabilities, prompting organizations to enhance their security measures and operational resilience. Recommendations include reassessing physical security, limiting local administrative access, and implementing multifactor authentication and robust credential management practices.

Winsage

May 23, 2026

CVE-2026-45585: YellowKey BitLocker Bypass

BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.

Winsage

May 21, 2026

A Windows 11 bug blocks all updates since February. Here’s what to do

A segment of Windows 11 users has been unable to receive updates since February due to issues stemming from the January Preview Update, which caused download timeouts. This has resulted in missed security patches and critical updates related to Secure Boot certificates. Users may experience crashes during the update process, indicated by the error code 0x80010002. To check if affected, users can view their update history in Settings; if no updates have been installed since January and updates have not been paused, they are likely impacted. Microsoft is working on a fix linked to download timeout changes and firewall settings. A Known-Issue Rollback (KIR) can be executed to revert to a previous state before the problematic update, restoring normal functionality. This rollback is available for specific Windows 11 versions and Windows Server 2025.

Winsage

May 5, 2026

April 2026 Windows Update Breaks Third-Party Backup Software by Blocking Vulnerable Driver

Microsoft will include the psmounterex.sys driver in its Vulnerable Driver Blocklist in the April 2026 security update, affecting third-party backup applications that use this driver for image mounting and Volume Shadow Copy Service (VSS) snapshots. This decision addresses CVE-2023-43896, a critical buffer overflow vulnerability. Affected software includes Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup on Windows 11, Windows 10, and Windows Server platforms. Users may face issues during image-mount operations, receiving error messages related to VSS timeouts and Code Integrity errors in the Event Viewer. To check if a system is affected, users can look for Event ID 3077 in the Code Integrity Operational log. Microsoft recommends upgrading to newer versions of backup applications that do not use blocked drivers and advises against uninstalling or delaying the April update. Additionally, the update may cause certain Windows Server 2025 devices to boot into BitLocker recovery mode and has led to out-of-band updates for Windows Server update failures and restart loops on domain controllers.

Winsage

May 4, 2026

Microsoft confirms April Windows updates cause backup failures

Microsoft has acknowledged that the April 2026 security updates have disrupted the functionality of various third-party backup applications using the psmounterex.sys driver, raising concerns among users. The issue primarily affects software leveraging the Volume Shadow Copy Service (VSS) snapshots, leading to failures due to VSS service timeouts. Notable impacted products include Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup, used on Windows 11, Windows Server, and Windows 10 devices. Disruptions can manifest as failures to mount backup image files, errors or timeouts when browsing or restoring from backup images, and error messages related to VSS timeouts. Microsoft updated its support documentation to clarify that the April updates included a security hardening change that added psmounterex.sys to the vulnerable driver blocklist to protect against a high-severity buffer overflow vulnerability (CVE-2023-43896). Affected users are advised to upgrade to newer application versions with updated drivers and not to uninstall or pause the security update. Users can check if the Microsoft Vulnerable Driver Blocklist is blocking a driver by looking for Event ID 3077 in the Code Integrity Operational log. Additionally, Microsoft has alerted users that some Windows Server 2025 devices may boot into BitLocker recovery mode after installing the KB5082063 update and has issued out-of-band updates to address installation failures and restart loops affecting Windows Server systems after the April 2026 updates.

Winsage

May 1, 2026

Windows 11 KB5083631 update released with 34 changes and fixes

Microsoft has released the KB5083631 optional cumulative update for Windows 11, featuring 34 enhancements aimed at improving user experience and system performance. Key features include a new Xbox mode for immersive gaming, improved performance for startup applications, enhanced security for batch files and CMD scripts, haptic feedback on supported devices, improvements to Secure Boot, and updates to Kerberos authentication. The update also addresses issues with Windows Security event logging, eliminates a white flash in dark mode, and increases the reliability of explorer.exe processes. Users can install the update via Windows Settings under Windows Update. After installation, Windows 11 devices will be updated to builds 26100.8328 and 26200.8328. Additionally, updated Secure Boot certificates are being rolled out, and some Windows Server 2025 devices may require a BitLocker recovery key after the update.

Winsage

May 1, 2026

April KB5083769 Windows 11 update causes backup software failures

The KB5083769 security update released in April 2026 has disrupted the functionality of various third-party backup applications on Windows 11 versions 24H2 and 25H2, primarily due to issues with the Volume Shadow Copy Service (VSS). Affected applications include Acronis Cyber Protect Cloud, Macrium Reflect, NinjaOne Backup, and UrBackup Server. Users have reported receiving an error message indicating that backups have failed due to VSS timeouts. Acronis has acknowledged the issue, stating it affects both Windows 11 Pro and Home editions, and warns of potential broader system issues. A temporary solution involves uninstalling the KB5083769 update or pausing Windows updates. Additionally, Microsoft has issued out-of-band updates for critical issues affecting Windows Server systems and warned that some Windows Server 2025 devices may encounter BitLocker recovery prompts after installing the KB5082063 update.

Winsage

April 21, 2026

Planning your path to Windows Server 2025: What organizations are prioritizing in 2026 | Microsoft Windows Server Blog

Windows Server remains essential for critical workloads globally, with organizations needing to improve security, streamline patching, and maintain resilience in complex hybrid environments. The Windows Server Summit 2026 will take place from May 11–13, focusing on actionable guidance in security, patching, resiliency, and hybrid operations. Key areas of investment for 2026 include upgrade planning for Windows Server 2025, hybrid governance and management through Azure Arc, and operational consistency at scale with monitoring and patch automation. The Summit will provide insights into future Windows Server developments and facilitate direct interaction with Microsoft's product team. Attendees will receive practical guidance on upgrade strategies, operational patterns, security considerations, and hybrid management scenarios. Common triggers for evaluating changes include planning transitions to Windows Server 2025, reassessing patch cadence, standardizing hybrid operations, and addressing operational fragmentation. The event is aimed at enterprise IT professionals seeking to secure and modernize their Windows Server environments.