Last week, Microsoft pushed out its monthly security update — routine stuff, or so you’d think. Except this one put thousands of business servers offline.
KB5082063, released April 14, caused Windows domain controllers across Server 2016 through Server 2025 to crash on restart. The servers froze during boot, dumped users, and rebooted again. And again. Authentication went down. Employee logins stopped working. File shares became inaccessible. For businesses that depend on Active Directory, it was a blackout.
Microsoft confirmed the problem and released emergency out-of-band patches within days — but only after sysadmins scrambled to catch it.
This Is the Patch Problem
Security updates exist to protect you. They do. But as this incident shows, patching without testing can create the exact outage you’re trying to avoid.
Microsoft estimates 8.5 million devices were hit by a single bad CrowdStrike update back in 2024. Smaller-scale incidents like last week’s happen every month — they’re just not always headlines.
If your IT team pushed KB5082063 without an emergency rollback plan, you felt it. If they didn’t push it and left the vulnerability unpatched, you’re exposed. Neither position is safe.
What Smart Businesses Do Now
- Audit your last 30 days of server updates. Did anyone test them first? Do you even know what was applied?
- Have a rollback and disaster recovery plan for patches — not just for complete server failures.
- Know your RTO. How long can your business survive an authentication outage? For most, it’s minutes — not hours.
If you’re not sure what patches are sitting on your servers right now, that’s the real problem.
Talk to NSI Tech about getting your server patching under control →