KB5091157: Overview with user sentiment and feedback

Last Updated May 30, 2026

Probability of successful installation and continued operation of the machine

0%
20%
40%
60%
80%
100%
75%
Known Issues

Overview

KB5091157 is an out-of-band (OOB) quality update released on April 19, 2026, for Windows Server 2025 across all editions. This non-security cumulative update was deployed to address critical issues introduced by the April 2026 security updates, specifically KB5082063 and KB5082142. The update represents Microsoft's emergency response to widespread problems affecting domain controller stability and Windows update installation processes.

This patch consolidates quality improvements and bug fixes that prevent system failures and service disruptions in production environments. The update is particularly significant for organizations running multi-domain forest environments with Privileged Access Management (PAM) implementations, as it resolves severe startup and authentication issues that were rendering domains unavailable. Additionally, it addresses installation failures that prevented some systems from successfully deploying the April 2026 security updates.

General Purpose

KB5091157 serves as a critical remediation patch designed to restore stability to Windows Server 2025 deployments affected by regressions in the April 2026 security updates. The primary purpose of this update is to resolve two major categories of issues: domain controller startup failures and Windows update installation errors. For domain controllers operating in multi-domain forest configurations with Privileged Access Management enabled, the patch prevents the Local Security Authority Subsystem Service (LSASS) from becoming unresponsive, which was causing repeated system restarts and complete loss of authentication and directory services. The update also corrects installation failures that resulted in error codes 0x800F0983 and 0x80073712, enabling affected systems to successfully complete the April security update deployment. Additionally, the patch includes a combined servicing stack update (KB5082062) that enhances the robustness of the Windows update installation mechanism itself, ensuring more reliable future update deployments.

General Sentiment

Community and technical reception of KB5091157 has been notably positive, with system administrators recognizing it as a necessary and effective emergency fix. The patch successfully resolves the critical issues that were causing domain controller reboot loops and preventing update installations, which were generating significant operational disruptions. IT professionals have reported that the update addresses real-world problems affecting their infrastructure, particularly those managing complex Active Directory environments with PAM implementations. However, sentiment is tempered by the acknowledgment that these issues should not have existed in the first place, reflecting broader concerns about the quality of the April 2026 security updates that necessitated this OOB release. Some administrators note that while the patch resolves the most critical problems, it does not address all known issues, particularly the BitLocker recovery key prompt issue that remains outstanding. The general consensus is that this update is essential for affected environments, though it represents a remediation of problems rather than new functionality or improvements.

Known Issues

  • BitLocker Recovery Key Requirement: Devices with unrecommended BitLocker Group Policy configurations (specifically those with PCR7 included in the TPM platform validation profile) may be required to enter their BitLocker recovery key on the first restart after installation. This affects only systems meeting all specific criteria including Secure Boot state and presence of the Windows UEFI CA 2023 certificate. Recovery is required only once, with subsequent restarts functioning normally if group policy settings remain unchanged.

  • WSUS Error Reporting Limitation: Windows Server Update Services (WSUS) does not display synchronization error details in its error reporting interface after installing this update. This functionality was temporarily removed to address Remote Code Execution Vulnerability CVE-2025-59287 and represents a known limitation pending future resolution.

  • Remote Desktop Warning Display Issues: Security warnings displayed when opening Remote Desktop (RDP) files may not render correctly in multi-monitor environments with different display scaling settings, potentially showing overlapping text or partially hidden buttons. This issue is addressed in a subsequent update (KB5087539).

Disclaimer: We take measures to ensure that AI-generated content is of the highest possible quality, but we cannot guarantee its accuracy and recommend that users do their own independent research. Generated on 2026-05-30 01:31 PM

Back to Knowledge Base Catalog