Home/KB Catalog/KB5082142

KB5082142: Overview with user sentiment and feedback

Last Updated May 2, 2026

Probability of successful installation and continued operation of the machine

0%
20%
40%
60%
80%
100%
55%
Caution

Overview

KB5082142 is the April 2026 cumulative security update for Windows Server 2022 (OS Build 20348.5020), released on April 14, 2026. This update represents a comprehensive monthly patch that consolidates the latest security fixes alongside quality improvements carried forward from the previous month's optional preview release. The update addresses multiple critical areas of the operating system including connectivity, kernel stability, network protocols, and security mechanisms.

This cumulative update includes improvements across diverse system components, ranging from audio reliability enhancements to kernel stability during large file operations. Notably, the update introduces significant security hardening measures, including the addition of vulnerable kernel drivers to Microsoft's blocklist and enhancements to Remote Desktop protection against phishing attacks. The update also addresses Secure Boot certificate expiration concerns and includes improvements to the Kerberos protocol for enhanced authentication security.

General Purpose

KB5082142 delivers a comprehensive set of improvements designed to enhance system reliability, security, and performance across Windows Server 2022 infrastructure. The update strengthens audio subsystem reliability to reduce system unresponsiveness during sound-related operations, while simultaneously improving kernel stability during intensive large file transfer operations. Network connectivity receives significant attention through enhanced SMB compression reliability over QUIC protocol, reducing timeout occurrences and delivering more consistent performance for network operations. The update implements critical security enhancements by introducing a vulnerable driver blocklist that prevents exploitation through known vulnerable kernel drivers, addressing CVE-2026-0386 through Windows Deployment Services hardening, and improving Kerberos protocol security through updated encryption type handling for Key Distribution Center operations related to CVE-2026-20833. Remote Desktop security is substantially improved through enhanced phishing protection that displays all connection settings before establishing connections with default-off security settings. The update also addresses Secure Boot certificate expiration concerns through improved device targeting for automatic certificate distribution, while adding support for the Saudi Riyal currency symbol in Windows fonts.

General Sentiment

Community sentiment regarding KB5082142 is decidedly mixed, reflecting both appreciation for security improvements and significant concern about stability issues. The update's security enhancements, particularly around vulnerable driver blocking and Remote Desktop protection, are generally viewed favorably by security-conscious administrators. However, this positive reception is substantially tempered by multiple critical issues that have emerged post-deployment. The most concerning issue involves domain controllers in Privileged Access Management environments experiencing repeated restarts due to LSASS crashes, which can render domains unavailable and severely impact authentication services. Additionally, reports indicate potential NIC teaming failures on affected servers, with network teams becoming disabled after reboot and gateway configurations being removed unexpectedly. The BitLocker recovery key requirement on systems with specific Group Policy configurations represents another significant pain point, particularly for enterprises managing large numbers of servers. While Microsoft has acknowledged these issues and provided mitigations for some, the fact that multiple critical infrastructure problems emerged post-release has created hesitation among administrators. Some community members note that backup applications relying on previously-acceptable drivers now fail with VSS timeout errors, creating additional operational challenges. The sentiment reflects a common pattern with Windows Server updates: security improvements are necessary but come at the cost of potential stability disruptions that require careful testing and mitigation planning before broad deployment.

Known Issues

  • Domain controllers restart repeatedly: Non-Global Catalog domain controllers in environments using Privileged Access Management (PAM) experience LSASS crashes during startup, causing repeated restarts that prevent authentication and directory services from functioning, potentially rendering the domain unavailable. Resolution available through out-of-band update KB5091575 or hotpatch KB5091576 for hotpatching-enrolled devices.
  • BitLocker recovery key requirement: Devices with specific unrecommended BitLocker Group Policy configurations (PCR7 validation profile inclusion) may require BitLocker recovery key entry on first restart after update. Affects limited systems meeting all specific conditions including UEFI firmware with 2023 Windows certificates. Workaround involves removing or modifying the Group Policy configuration before installation.
  • NIC teaming failures: Network Interface Card teams may become disabled after reboot, with member NICs showing as "Faulted Not Found" status, default gateways being removed, and teams reverting to disabled state even after manual re-enabling, requiring team deletion and reconfiguration to single NICs.
  • Remote Desktop warning display issues: Security warnings when opening Remote Desktop (RDP) files may display incorrectly on systems with multiple monitors using different display scaling settings, resulting in overlapping text or partially hidden buttons. Workaround involves standardizing display scaling across all monitors.
  • WSUS error reporting disabled: Windows Server Update Services does not display synchronization error details after installing KB5070884 or later updates, functionality temporarily removed to address CVE-2025-59287.
  • Backup application failures: Applications relying on now-blocked vulnerable kernel drivers may experience failures when mounting or managing disk images, displaying errors such as "The backup has failed because Microsoft VSS has timed out during the snapshot creation" or VSS_E_BAD_STATE, requiring updates to newer application versions with compliant drivers.

Disclaimer: We take measures to ensure that AI-generated content is of the highest possible quality, but we cannot guarantee its accuracy and recommend that users do their own independent research. Generated on 2026-05-02 07:26 AM

Back to Knowledge Base Catalog