Microsoft Patch KB5082063 Triggers Reboot Loops on Windows Domain Controllers Using PAM
What Happened – Microsoft confirmed that the April 2026 security update KB5082063 can cause LSASS crashes on non‑Global Catalog domain controllers that run Privileged Access Management (PAM). The crash forces the server into a continuous reboot loop, halting authentication and directory services.
Why It Matters for Third‑Party Risk Management (TPRM) –
- Domain controllers are a critical trust anchor for any third‑party relationship; loss of authentication can cascade to partner‑access failures.
- The issue is tied to a Microsoft‑issued patch, so the defect is present at every customer that has applied the update.
- No public exploit is known, but the service disruption can be leveraged for denial‑of‑service attacks against supply‑chain partners.
Who Is Affected – Enterprises across all sectors that run Windows Server 2025, 2022, 23H2, 2019, or 2016 as domain controllers with PAM enabled.
Recommended Actions –
- Immediately verify whether KB5082063 has been applied to any domain controllers.
- If applied, follow Microsoft’s mitigation guidance (contact Microsoft Support, defer reboot, or roll back the update).
- Review third‑party contracts for clauses covering patch‑related service outages and update incident‑response playbooks.
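As an added example (not from the BleepingComputer article or from Microsoft's guidance), the following PowerShell script carries out the first recommended action: it enumerates every domain controller in the forest and flags those matching the affected profile, that is, KB5082063 installed, not a Global Catalog, and the Privileged Access Management optional feature enabled. It assumes the ActiveDirectory RSAT module is present and that the account running it has remote WMI access to each DC.

```powershell
#Requires -Modules ActiveDirectory
# Added triage script (not from the article or Microsoft): find DCs matching the
# affected profile for KB5082063. Assumes RSAT AD module + remote WMI access.

$Kb = 'KB5082063'

# PAM is a forest-scoped optional feature; EnabledScopes is non-empty when it is on.
$pamFeature = Get-ADOptionalFeature -Filter { Name -like 'Privileged Access Management Feature' }
$pamEnabled = [bool]($pamFeature -and $pamFeature.EnabledScopes.Count -gt 0)

# Get-ADDomainController is per-domain, so walk every domain in the forest.
$dcs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }

$results = foreach ($dc in $dcs) {
    # Get-HotFix reads Win32_QuickFixEngineering remotely. A missing KB surfaces as a
    # non-terminating "Cannot find" error; anything else means the query itself failed.
    $hf = Get-HotFix -Id $Kb -ComputerName $dc.HostName -ErrorAction SilentlyContinue -ErrorVariable hfErr
    if ($hf) {
        $kbStatus = 'Installed'
    } elseif ($hfErr -and $hfErr[0].Exception.Message -notmatch 'Cannot find') {
        $kbStatus = 'QueryFailed'
        Write-Warning "$($dc.HostName): $($hfErr[0].Exception.Message)"
    } else {
        $kbStatus = 'NotInstalled'
    }

    # Affected profile per the advisory: KB present, non-GC DC, PAM enabled in the forest.
    [pscustomobject]@{
        HostName        = $dc.HostName
        Domain          = $dc.Domain
        OperatingSystem = $dc.OperatingSystem
        IsGlobalCatalog = $dc.IsGlobalCatalog
        PamEnabled      = $pamEnabled
        KbStatus        = $kbStatus
        AtRisk          = ($kbStatus -eq 'Installed') -and (-not $dc.IsGlobalCatalog) -and $pamEnabled
    }
}

# At-risk DCs first; QueryFailed rows need a manual check before they are cleared.
$results | Sort-Object AtRisk, KbStatus -Descending | Format-Table -AutoSize
```

Rows marked AtRisk are the ones to hold back from rebooting until Microsoft's mitigation has been applied; QueryFailed rows should be re-checked rather than assumed clean.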
Technical Notes – The root cause is an LSASS crash triggered during early authentication processing on non‑GC DCs. No CVE is assigned; the problem is a regression in the security update itself. Affected data includes authentication tokens and directory service metadata, but no data exfiltration is reported. Source: BleepingComputer