What Is Happening
Microsoft has officially acknowledged that certain Windows domain controllers are entering continuous restart loops after installing the April 2026 security updates. The root cause is crashes in the Local Security Authority Subsystem Service (LSASS), the Windows process that enforces the local security policy and handles authentication; on a domain controller LSASS also hosts the Active Directory directory service (NTDS), which is why a crash in it takes down directory services as well as logons.
According to a release health dashboard update posted by Microsoft, the problem manifests specifically on non-Global Catalog (non-GC) domain controllers operating in environments that have deployed Privileged Access Management (PAM). The update at the center of the issue is identified as KB5082063.
"After installing the April 2026 Windows security update (KB5082063) and rebooting, non-Global Catalog (non-GC) domain controllers (DCs) in environments that use Privileged Access Management (PAM), might experience LSASS crashes during startup. As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable."
Who Is Affected
Microsoft has clarified that this known issue is limited in scope — it only impacts organizations actively using Privileged Access Management and is unlikely to affect personal or consumer devices not managed by an IT department. Administrators should also be aware that the problem is not confined to domain controllers that are already running; it can also occur when provisioning new domain controllers, or on existing ones that happen to process authentication requests very early in the startup sequence.
The following Windows Server platforms have been identified as affected:
- Windows Server 2025
- Windows Server 2022
- Windows Server, version 23H2
- Windows Server 2019
- Windows Server 2016
Impact on Enterprise Environments
When LSASS crashes during startup and the domain controller enters a reboot loop, that DC stops providing authentication and directory services. If the affected DCs are the only ones serving a domain, the entire domain becomes inaccessible, a potentially catastrophic outcome for organizations that depend on Active Directory for user authentication and resource access. The fact that only non-GC domain controllers are affected suggests the issue is tied to how PAM interacts with authentication flows during the early stages of the boot process.
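The following PowerShell triage script is an added example and is not code from Microsoft or BleepingComputer. It maps the affected profile described above (PAM enabled in the forest, non-GC domain controller, KB5082063 installed) onto a forest-wide DC inventory so an administrator can see which DCs to hold the update on and which to raise with Microsoft Support. It assumes the RSAT ActiveDirectory module, a session with rights to query every DC, WMI/RPC reachability to each DC, and that an LSASS crash at startup is recorded by Wininit as System event ID 1015 (the event ID is an assumption; the advisory does not name one). A DC already stuck in a reboot loop will simply show as unreachable.

```powershell
# Added triage script for the KB5082063 LSASS known issue (not Microsoft's code).
# Assumes RSAT ActiveDirectory, rights to query all DCs, and WMI/RPC reachability.
Import-Module ActiveDirectory

$Kb = 'KB5082063'

# 1. Is the Privileged Access Management optional feature enabled in this forest?
#    Only PAM-enabled forests are in scope for the known issue.
$pam = Get-ADOptionalFeature -Filter "Name -eq 'Privileged Access Management Feature'"
$pamEnabled = ($null -ne $pam) -and ($pam.EnabledScopes.Count -gt 0)
Write-Host "PAM optional feature enabled in forest: $pamEnabled"

# 2. Enumerate every DC in every domain of the forest, flag non-GCs (the affected
#    role), check whether the update is installed, and look for LSASS crash events.
$report = foreach ($domain in (Get-ADForest).Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        $hotfix = $null
        $reachable = $true
        try {
            $hotfix = Get-HotFix -Id $Kb -ComputerName $dc.HostName -ErrorAction Stop
        } catch {
            # Get-HotFix errors when the host is unreachable; some versions also
            # error when the KB is absent. Distinguish the two by message text.
            if ($_.Exception.Message -match 'RPC|connect|network') { $reachable = $false }
        }

        $lsassCrashes = 0
        if ($reachable) {
            # Assumption: Wininit logs a critical-process failure as System event 1015
            # whose message names lsass.exe. Count recent occurrences.
            $lsassCrashes = @(Get-WinEvent -ComputerName $dc.HostName -ErrorAction SilentlyContinue `
                -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1015 } `
                -MaxEvents 50 | Where-Object { $_.Message -match 'lsass\.exe' }).Count
        }

        [pscustomobject]@{
            Domain          = $domain
            DC              = $dc.HostName
            Site            = $dc.Site
            OS              = $dc.OperatingSystem
            IsGlobalCatalog = $dc.IsGlobalCatalog
            Reachable       = $reachable
            KbInstalled     = [bool]$hotfix
            LsassCrashes    = $lsassCrashes
            # Matches the advisory profile: PAM-enabled forest and a non-GC DC.
            MatchesProfile  = ($pamEnabled -and -not $dc.IsGlobalCatalog)
        }
    }
}

$report | Sort-Object MatchesProfile, KbInstalled -Descending | Format-Table -AutoSize

# 3. Actionable subsets: hold the update on profile-matching DCs that do not yet have
#    it; engage Microsoft Support for profile-matching DCs that already do.
$hold   = $report | Where-Object { $_.MatchesProfile -and -not $_.KbInstalled }
$engage = $report | Where-Object { $_.MatchesProfile -and ($_.KbInstalled -or -not $_.Reachable) }
Write-Host "`nDefer $Kb on these non-GC DCs:"; $hold   | Select-Object DC | Format-Table
Write-Host "Already patched or unreachable (raise with Microsoft Support):"; $engage | Select-Object DC, Reachable, LsassCrashes | Format-Table
```

Because the update can also bite during promotion of a new DC, run the same PAM and GC checks before promoting any new non-GC DC with the April update already in its image; promoting it as a Global Catalog, or deferring the update until Microsoft publishes a fix, keeps it outside the profile Microsoft describes.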
Guidance from Microsoft
As of the time of reporting, Microsoft had not yet released a permanent fix for the issue. However, the company advised IT administrators experiencing this problem to reach out to Microsoft Support for Business, where mitigation measures are available. Crucially, Microsoft noted that these mitigations can be applied even on systems that have already deployed the April 2026 update — meaning administrators do not need to roll back the patch to implement a workaround.
A Pattern of Post-Patch Domain Controller Problems
This incident is far from the first time a Microsoft security update has caused disruption for domain controllers. The company has had to address similar issues multiple times in recent years, forming a concerning pattern for enterprise administrators:
- In June 2025, Microsoft resolved Windows Server authentication failures that had been introduced by the April 2025 security updates.
- In May 2024, a known issue was fixed that caused NTLM authentication failures and domain controller reboots following the April 2024 Windows Server security updates.
- In March 2024, Microsoft was forced to release emergency out-of-band (OOB) updates specifically to address Windows domain controller crashes triggered by the March 2024 Windows Server security patches.
Additional Issues with KB5082063
The LSASS reboot loop is not the only problem associated with this month's update. Microsoft is simultaneously investigating a separate bug that is causing KB5082063 to fail to install on some Windows Server 2025 systems entirely. Additionally, the company warned administrators earlier in the week that some Windows Server 2025 devices may prompt users to enter a BitLocker recovery key after deploying the same KB5082063 update — adding a third significant concern tied to April's patch cycle.
Organizations running affected server versions, particularly those with PAM environments, are strongly encouraged to monitor Microsoft's release health dashboard for updates and to engage Microsoft Support proactively if they encounter any of these symptoms following the April 2026 patch deployment.
Source: BleepingComputer