Microsoft KB5082063 Update Triggers Reboot Loops in Windows Server Domain Controllers

Microsoft Corporation confirmed on April 20, 2026, that its latest monthly security update is causing significant operational disruptions for enterprise customers. The update, identified as KB5082063 and released as part of the April 2026 Patch Tuesday cycle, has been linked to spontaneous and repeated reboot loops on Windows Server domain controllers. This issue has emerged as a critical concern for IT departments managing large-scale infrastructure, as domain controllers serve as the primary gatekeepers for network authentication and security policy enforcement.

Technical analysis indicates that the reboots are triggered by critical failures in the Local Security Authority Subsystem Service, commonly known as LSASS.exe. According to reports from system administrators and Microsoft’s own support documentation, the LSASS process encounters an access violation error, specifically error code 0xc0000005, which leads to an unrecoverable system crash. Because LSASS is a protected process responsible for managing user logins and security tokens, its failure necessitates an immediate system restart to maintain integrity. In many cases, these restarts occur within minutes of the system booting, creating a continuous loop that prevents normal administrative access.

The instability specifically impacts Windows Server 2019, Windows Server 2022, and the recently deployed Windows Server 2025. Microsoft has noted that the instability is most prevalent in enterprise environments that have implemented Privileged Access Management (PAM) or those with complex Active Directory forests. Initial telemetry suggests that approximately 15% of enterprise environments that applied the update within the first week of release have reported some level of service degradation. The failure of these controllers has led to widespread reports of users being unable to log into corporate workstations, access shared drives, or authenticate via Virtual Private Networks.

In an official advisory published to the Windows Release Health dashboard on April 20, Microsoft stated that it is currently investigating the root cause of the LSASS memory corruption. The company has advised administrators to temporarily pause the deployment of KB5082063 until a permanent fix or an out-of-band update is released. For organizations already experiencing the reboot loop, Microsoft recommends using the Deployment Image Servicing and Management (DISM) tool to manually uninstall the package. This process requires booting into the Windows Recovery Environment and executing command-line instructions to remove the specific update package from the offline image.

This event follows a series of updates aimed at hardening the Kerberos authentication protocol and addressing vulnerabilities in the Netlogon service. While the April update was intended to patch several high-severity security flaws, the resulting instability has forced many IT departments to initiate emergency rollback procedures. Microsoft has not yet provided a definitive timeline for a resolution but has categorized the investigation as a top priority for its server engineering teams.