Home/KB Catalog/KB5091572

KB5091572: Overview with user sentiment and feedback

Last Updated May 31, 2026

Probability of successful installation and continued operation of the machine

0%
20%
40%
60%
80%
100%
75%
Known Issues

Overview

KB5091572 is an out-of-band security update released on April 19, 2026, for Windows Server 2016 and Windows 10 version 1607 (OS Build 14393.9062). This emergency patch was issued to address critical issues discovered in the April 14, 2026 security update (KB5082198) that caused severe operational disruptions in domain controller environments. The update specifically targets a regression that affected multi-domain forest deployments utilizing Privileged Access Management (PAM) solutions, where domain controllers experienced repeated restart loops and service failures following the previous month's patch installation.

As an out-of-band release, this update represents Microsoft's response to a high-priority production issue that required immediate remediation outside the standard monthly patch cycle. The patch also addresses a secondary issue affecting Remote Desktop Protocol (RDP) security warning display on systems with multiple monitors using different display scaling configurations. Additionally, this update serves as a precursor to addressing the upcoming Windows Secure Boot certificate expiration scheduled for June 2026, which poses a critical threat to system boot integrity across the Windows ecosystem.

General Purpose

This out-of-band update primarily resolves a critical regression introduced in KB5082198 that caused domain controller startup failures in multi-domain forest environments using Privileged Access Management. The specific issue involved the Local Security Authority Subsystem Service (LSASS) becoming unresponsive, triggering continuous restart cycles that prevented authentication services and directory operations, effectively rendering affected domains unavailable. By addressing this regression, the patch restores stability to affected domain controller infrastructure and prevents cascading authentication failures across enterprise networks.

Secondarily, the update corrects a display rendering issue with Remote Desktop security warnings when systems employ multiple monitors with disparate scaling settings, such as 100% and 125% magnification levels. In such configurations, warning dialogs would display overlapping text and partially obscured buttons, compromising user ability to read or interact with critical security prompts. The update also prepares systems for the upcoming Secure Boot certificate expiration event in June 2026, which requires proactive certificate updates to maintain secure boot functionality. Organizations are advised to review preparation guidance and implement certificate updates in advance to prevent boot disruptions.

General Sentiment

Community sentiment regarding KB5091572 is cautiously positive, with system administrators recognizing it as a necessary corrective measure for a serious regression. The patch addresses a genuinely critical issue that affected production domain controller environments, making its deployment essential for affected organizations. However, sentiment is tempered by the underlying concern that the previous month's update (KB5082198) introduced such a severe regression in the first place, raising questions about Microsoft's testing procedures for enterprise-critical components.

System administrators in the r/sysadmin community noted that while the OOB update is primarily targeted at domain controllers in specific scenarios (multi-domain forests with PAM solutions and non-global catalog configurations), the patch can be safely applied to member servers and other infrastructure without adverse effects, as it supersedes the problematic previous update. Some administrators reported that applying the OOB update resolved installation failures on non-DC systems that were preventing the previous update from being applied. The known issue with Remote Desktop security warnings, while not critical, adds a minor frustration point for users managing systems with multi-monitor setups. Overall, the patch is viewed as a necessary remediation with manageable deployment considerations, though the underlying quality assurance concerns persist in community discussions.

Known Issues

  • Remote Desktop security warnings display incorrectly: Security warning dialogs that appear when opening RDP files may display with overlapping text or partially hidden buttons on systems with multiple monitors using different display scaling settings (for example, 100% and 125%). This rendering issue makes the security messages difficult to read or interact with. Resolution available in updates released on or after May 12, 2026 (such as KB5087537).
  • Prerequisite Servicing Stack Update requirement: Installation of the latest Servicing Stack Update (KB5082089) is mandatory before applying this patch. Systems without the SSU pre-installed may not be offered this update through Windows Update channels, potentially delaying critical security coverage.
  • Limited distribution channels: This out-of-band update is only available through the Microsoft Update Catalog and WSUS, not through standard Windows Update channels, requiring manual deployment or WSUS administrator approval.

Disclaimer: We take measures to ensure that AI-generated content is of the highest possible quality, but we cannot guarantee its accuracy and recommend that users do their own independent research. Generated on 2026-05-31 01:41 PM

Back to Knowledge Base Catalog