IT administrators across Europe and North America reported widespread server failures on Tuesday after Microsoft's April security update introduced a critical flaw in Windows Server domain controllers. The issue caused systems to enter an infinite reboot loop, rendering servers unusable and disrupting corporate networks. Reports indicate the problem affects both physical and virtualized domain controllers running Windows Server 2019 and 2022.
The error stems from a crash in two core components of Microsoft's server ecosystem: the Local Security Authority Subsystem Service (LSASS) and the Windows Update service. When the update installs, these services fail to initialize properly. The system attempts to recover by rebooting, but the same failure occurs each time, creating a loop that prevents normal operation. Microsoft has not yet confirmed the exact number of affected servers but acknowledges the issue is severe.
Affected organizations include banks, healthcare providers, and government agencies that rely on Windows Server for authentication and directory services. One IT director in Oslo described the situation as unprecedented in scale. "We had 40 domain controllers down simultaneously," the director said. "The only temporary fix was to roll back the update manually on each server."
Microsoft issued a statement late Tuesday advising administrators to pause the April update until a patch is released. The company did not provide a timeline for resolution but emphasized that a fix is in development. Meanwhile, cybersecurity experts warned that attackers could exploit the downtime to target unpatched systems. The incident highlights the risks of automated updates in enterprise environments.
The problem emerged just days after Microsoft released the April Patch Tuesday updates. It follows similar issues in January when a Windows Server update caused authentication failures for thousands of organizations.
Source: itavisen.no