KB5091573: Overview with user sentiment and feedback

Overview

KB5091573 is an out-of-band security update released on April 19, 2026, for Windows Server 2019 and Windows 10 Enterprise LTSC 2019 (OS Build 17763.8647). This emergency patch was deployed outside the normal monthly update cycle to address critical issues discovered in the preceding April 14, 2026 security update (KB5082123). The update specifically targets a severe problem affecting domain controllers in multi-domain forest environments that utilize Privileged Access Management (PAM) functionality.

This out-of-band release represents Microsoft's response to a regression introduced by KB5082123, which caused domain controllers to experience startup failures and service interruptions. The patch includes a combined servicing stack update (SSU KB5082118) and cumulative update (LCU), improving the reliability of the update process itself. Additionally, this update addresses the broader Windows Secure Boot certificate expiration issue affecting systems starting in June 2026, requiring proactive certificate updates to maintain secure boot functionality.

General Purpose

The primary purpose of KB5091573 is to resolve a critical regression in KB5082123 that caused domain controller failures in multi-domain forest environments using Privileged Access Management. When KB5082123 was installed and systems were restarted, affected domain controllers experienced startup issues where the Local Security Authority Subsystem Service (LSASS) would stop responding, leading to repeated restart cycles and preventing authentication and directory services from functioning properly. This rendered affected domains unavailable and created significant operational disruption for enterprise environments.

Beyond the domain controller fix, this update includes a combined servicing stack update that enhances the reliability of the Windows update installation process itself. The update also incorporates preparatory measures for the upcoming Windows Secure Boot certificate expiration scheduled for June 2026. The patch requires that systems have previously installed the August 10, 2021 servicing stack update (KB5005112) before installation. A secondary known issue involving Remote Desktop security warning display on multi-monitor setups with different scaling settings was also identified and subsequently resolved in later updates released on or after May 12, 2026.

General Sentiment

The sentiment surrounding KB5091573 is decidedly mixed, reflecting the complex nature of emergency patch releases. On the positive side, this out-of-band update demonstrates Microsoft's commitment to rapidly addressing critical regressions that impact enterprise infrastructure. The swift deployment of this emergency patch shows responsiveness to a serious issue affecting domain controllers, which are foundational to Active Directory environments. For organizations affected by the KB5082123 regression, this patch represents a necessary and urgent solution.

However, the existence of this out-of-band patch itself reflects negatively on the quality assurance process that allowed such a critical regression to reach production in KB5082123. The fact that domain controllers could become completely unavailable after a routine security update raises concerns about testing rigor for enterprise-critical components. Additionally, the identification of a secondary issue with Remote Desktop security warnings, even though subsequently resolved, suggests that the initial patch may not have undergone sufficiently comprehensive testing across diverse hardware configurations and display setups. Organizations must weigh the necessity of installing this corrective patch against the underlying concern that critical regressions are still reaching production releases.

Known Issues

• Remote Desktop security warning display issues: After installing this update, Remote Desktop (RDP) security warnings may not display correctly when using multiple monitors with different display scaling settings (such as 100% on one monitor and 125% on another). The warning window may show overlapping text or partially hidden buttons, making the message difficult to read or interact with. This issue was resolved in Windows updates released on or after May 12, 2026 (such as KB5087538).

Disclaimer: We take measures to ensure that AI-generated content is of the highest possible quality, but we cannot guarantee its accuracy and recommend that users do their own independent research. Generated on 2026-05-30 01:29 PM

Back to Knowledge Base Catalog