
Windows Server
Microsoft's server operating system family, versions 2016 through 2025.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Timeline for Windows Server
Required emergency KB5091157 patch to fix LSASS reboot loops on PAM-enabled domain controllers
Cybersecurity: Threats and Defences: KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
- What is Windows Server used for?
- Windows Server is Microsoft's server operating system used for Active Directory (user authentication and group policy), file and print services, web hosting with IIS, Hyper-V virtualisation, and as a platform for enterprise applications in data centres and hybrid cloud.
- What happened to Windows Server domain controllers after April 2026 Patch Tuesday?
- A regression in the April 2026 Patch Tuesday cumulative update caused LSASS reboot loops on Windows Server 2016-2025 domain controllers with Privileged Access Management (PAM) enabled, making them inoperable. Microsoft patched this with out-of-band update KB5091157 on 19 April 2026.
- Why are domain controllers such high-value targets in cyber attacks?
- Domain controllers run Active Directory, which manages all user authentication and authorisation in an enterprise. Compromising a domain controller gives attackers estate-wide access via credential extraction from LSASS, group policy abuse, and Kerberos ticket forgery.
Background
Windows Server is Microsoft's family of server operating systems, designed for enterprise data centres, cloud deployments, and on-premises infrastructure. The product line has been released in successive named versions tied to the Windows Server Semi-Annual Channel (SAC) and Long-Term Servicing Channel (LTSC): key versions in active support as of 2026 include Windows Server 2016, 2019, 2022, and 2025. Windows Server underpins Active Directory domain controllers — the authentication and authorisation backbone for the vast majority of enterprise Windows environments — along with file services, IIS web hosting, Hyper-V virtualisation, and a broad range of enterprise workloads.
Active Directory domain controllers running Windows Server are high-value targets in enterprise attacks: compromising a domain controller gives an attacker full lateral movement capability, credential access via LSASS, and the ability to issue golden ticket or silver ticket Kerberos forgeries. Microsoft's Patch Tuesday cycle is therefore closely tracked by enterprise security teams, as domain controller instability after patching carries immediate operational impact.
In U#3, Windows Server 2016 through 2025 were affected by a regression in the April 2026 Patch Tuesday cumulative update that caused continuous LSASS reboot loops on domain controllers with Privileged Access Management (PAM) enabled. Microsoft issued KB5091157 out-of-band on 19 April 2026 to fix the regression.