Table of Contents

The latest Home windows Server updates are leading to significant concerns for administrators, with domain controllers having spontaneous reboots, Hyper-V not starting, and inaccessible ReFS volumes until eventually the updates are rolled back

Yesterday, Microsoft introduced the Windows Server 2012 R2 KB5009624 update, the Home windows Server 2019 KB5009557 update, and the Home windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday.

After installing these updates, directors have been battling multiple problems that are only settled just after removing the updates.

Windows domain controller boot loops

The most critical challenge launched by these updates is that Windows area controllers enter a boot loop, with servers receiving into an endless cycle of Home windows setting up and then rebooting immediately after a several minutes.

As initially noted by BornCity, this challenge impacts all supported Home windows Server variations.

“Seems KB5009557 (2019) and KB5009555 (2022) are resulting in a thing to are unsuccessful on domain controllers, which then preserve rebooting every several minutes,” a user posted to Reddit.

A Home windows Server administrator informed BleepingComputer that they see the LSASS.exe course of action use all of the CPU on a server and then in the long run terminate.

As LSASS is a important course of action expected for Windows to operate accurately, the working system will immediately restart when the system is terminated.

The pursuing mistake will be logged to the celebration viewer when restarting because of to a crashed LSASS process, as a further user on Reddit shared.

“The process wininit.exe has initiated the restart of pc [computer_name] on behalf of consumer for the following cause: No title for this reason could be located Motive Code: 0x50006 Shutdown Sort: restart Remark: The process process ‘C:WINDOWSsystem32lsass.exe’ terminated unexpectedly with standing code -1073741819. The process will now shut down and restart.”

Hyper-V no longer starts off

In addition to the boot loops, BleepingComputer has been informed by Home windows directors that immediately after putting in the patches, Hyper-V no more time begins on the server.

This bug mostly impacts Home windows Server 2012 R2 server, but other unverified studies say it influences newer versions of Windows Server.

As Hyper-V is not started off, when making an attempt to start a virtual equipment, consumers will receive an error stating the subsequent:

“Virtual equipment xxx could not be started out since the hypervisor is not functioning.”

Microsoft produced protection updates to repair 4 various Hyper-V vulnerabilities yesterday (CVE-2022-21901, CVE-2022-21900, CVE-2022-21905, and CVE-2022-21847), which are probable creating this concern.

ReFS file programs are no lengthier accessible

Lastly, numerous admins are reporting that Windows Resilient File Procedure (ReFS) volumes are no extended obtainable or are found as Uncooked (unformatted) soon after setting up the updates.

The Resilient File Procedure (ReFS) is a Microsoft proprietary file method that has been developed for substantial availability, knowledge restoration, and substantial efficiency for quite big storage volumes.

“Installed these updates tonight, in a two server Exchange 2016 CU22 DAG, working on Server 2012 R2. Soon after a genuinely lengthy reboot, the server came again up with all the ReFS volumes as Uncooked,” stated a Microsoft Exchange administrator on Reddit.

“NTFS volumes attached have been fine. I understand this is not solely an trade concern but it is impacting my capacity to provide providers for Exchange back on the internet.”

Uninstalling the Home windows Server updates made the ReFS volumes available once again.

Yesterday, Microsoft fastened 7 distant code execution vulnerabilities in ReFS, with one or a lot more most likely driving the inaccessible ReFS volumes.

These vulnerabilities are tracked as CVE-2022-21961, CVE-2022-21959, CVE-2022-21958, CVE-2022-21960, CVE-2022-21963, CVE-2022-21892, CVE-2022-21962, CVE-2022-21928.

How to fix?

Unfortunately, the only way to correct these issues is to uninstall the corresponding cumulative update for your Windows variation.

Admins can do this by making use of one particular of the following commands:

Home windows Server 2012 R2: wusa /uninstall /kb:KB5009624 
Home windows Server 2019: wusa /uninstall /kb:KB5009557 
Home windows Server 2022: wusa /uninstall /kb:KB5009555

As Microsoft bundles all stability fixes into the one update, removing the cumulative update could resolve the bugs, but will also take away all fixes for just lately patched vulnerabilities.

Hence, uninstalling these updates ought to only be accomplished if absolutely needed.

Not to be outdone by Home windows Server, Home windows 10 and Home windows 11’s updates are also breaking L2TP VPN connections.

BleepingComputer has arrived at out to Microsoft for fixes on these problems but has not heard back at this time.