好的,我现在需要帮用户总结一篇文章,控制在100个字以内。用户已经提供了文章内容,看起来是关于微软Windows域控制器在安装四月安全更新后出现的问题。 首先,我要通读整篇文章,抓住主要信息。文章提到,安装了2026年4月的安全更新后,一些域控制器进入重启循环,原因是LSASS服务崩溃。这个问题主要影响使用PAM的组织,而个人设备可能不受影响。微软正在修复,并建议管理员联系支持获取缓解措施。 接下来,我需要将这些信息浓缩到100字以内。要确保包含关键点:问题发生的时间(安装四月更新后)、受影响的系统(域控制器)、原因(LSASS崩溃)、影响(重启循环、服务中断)、以及微软的应对措施。 然后,检查是否有重复或冗余的信息,比如多次提到PAM和受影响的服务器版本,可以简化为“使用PAM的组织”。 最后,确保语言简洁明了,直接描述问题和影响。 </think> 微软确认部分Windows域控制器在安装2026年4月安全更新后因LSASS服务崩溃进入重启循环。此问题主要影响使用Privileged Access Management(PAM)的组织,可能导致认证和目录服务中断。微软正在修复,并建议管理员联系支持获取缓解措施。 2026-4-17 08:1:46 Author: www.bleepingcomputer.com(查看原文) 阅读量:13 收藏
Microsoft has confirmed that some Windows domain controllers are entering restart loops due to Local Security Authority Subsystem Service (LSASS) crashes after installing the April 2026 security updates.
The company also warned that Windows admins may encounter this issue when setting up new domain controllers, or even on existing ones, if the server processes authentication requests very early in the startup process.
"After installing the April 2026 Windows security update (KB5082063) and rebooting, non‑Global Catalog (non‑GC) domain controllers (DCs) in environments that use Privileged Access Management (PAM), might experience LSASS crashes during startup," Microsoft said in a release health dashboard update.
"As a result, affected DCs may restart repeatedly, preventing authentication and directory services from functioning, and potentially rendering the domain unavailable."
This known issue only impacts organizations using Privileged Access Management (PAM) and is unlikely to affect personal devices that aren't managed by an IT department. The list of affected platforms includes systems running Windows Server 2025, Windows Server 2022, Windows Server 23H2, Windows Server 2019, and Windows Server 2016.
While Microsoft is still working on a fix, it advised IT administrators to contact Microsoft Support for Business for mitigation measures that can be applied even after deploying the April 2026 update.
Microsoft has addressed multiple domain controller issues caused by security updates in recent years, most recently resolving Windows Server authentication problems in June 2025, which were caused by the April 2025 security updates.
Almost a year earlier, in May 2024, it fixed another known issue that triggered NTLM authentication failures and domain controller reboots after deploying the April 2024 Windows Server security updates.
In March 2024, it released emergency out-of-band (OOB) updates to fix Windows domain controller crashes after installing the March 2024 Windows Server security patches.
Microsoft is now also investigating a separate issue causing this month's KB5082063 Windows security update to fail to install on some Windows Server 2025 systems.
On Wednesday, it also warned admins that some Windows Server 2025 devices may also prompt users to enter a BitLocker key after deploying the KB5082063 update.
99% of What Mythos Found Is Still Unpatched.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop.
如有侵权请联系:admin#unsafe.sh