Windows update problems: Network issues on domain controllers and Windows 11 BSoDs
Microsoft has acknowledged further problems with Windows updates. Domain controllers are experiencing network problems, and Windows 11 can crash.
Microsoft has acknowledged further problems that admins and users may encounter after installing the latest security updates. Both server and desktop operating systems are affected.
In the Windows Release Health Center for Windows Server 2025, Microsoft's developers explain that Windows Server 2025 in the domain controller (DC) role – for example, when hosting an Active Directory as a DC – may “fail to manage network traffic correctly” after a reboot. As a result, Windows Server 2025 DCs may not be accessible in the domain network, or may be incorrectly accessible through network ports and protocols that should be prevented by the domain firewall profile.
Windows Server 2025 DC: Problem with firewall profiles
The issue arises because the domain firewall profile is not applied on domain controllers after they are restarted. Instead, the standard firewall profile is then used. As a result, apps and services running on the DC or on devices in the network may fail or be inaccessible in the domain. However, Microsoft has found a remedy. Restarting the network adapter restores the expected behavior, i.e., the use of the firewall domain profile. This can be achieved by using the Restart-NetAdapter * command in PowerShell, Microsoft's developers write. For now, this is necessary every time affected DCs are restarted. IT managers can set up a scheduled task that performs this adapter restart after each restart of the DC, Microsoft further suggests. Meanwhile, the developers are working on a solution to the problem.
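One way to set up the scheduled task described above, as an added example that is not code from Microsoft or heise: it registers a startup task that checks the active network category and runs Restart-NetAdapter * only if a connection is not on the domain profile. The task name, install folder, log file, and wait times are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: startup task for an affected Windows Server 2025 DC.
# All names and paths below are hypothetical; adjust them to your environment.
$TaskName   = 'DC-Restore-DomainFirewallProfile'
# Program Files is writable only by administrators by default, so a
# non-admin cannot swap out a script that later runs as SYSTEM.
$InstallDir = Join-Path $env:ProgramFiles 'DCFirewallFix'
$ScriptPath = Join-Path $InstallDir 'Restore-DomainProfile.ps1'

# Script executed by the task. The single-quoted here-string keeps the
# variables unexpanded until the task actually runs.
$Remediation = @'
# Give network location detection time to settle after boot (assumed 60 s).
Start-Sleep -Seconds 60
$log = Join-Path $PSScriptRoot 'profile.log'
$notDomain = Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -ne 'DomainAuthenticated' }
if ($notDomain) {
    "$(Get-Date -Format o) non-domain profile on: $($notDomain.InterfaceAlias -join ', ')" |
        Add-Content -Path $log
    # Workaround named in the article: restart all network adapters.
    Restart-NetAdapter -Name '*'
    Start-Sleep -Seconds 30
}
# Record the resulting state so a failed remediation is visible afterwards.
Get-NetConnectionProfile | ForEach-Object {
    "$(Get-Date -Format o) $($_.InterfaceAlias): $($_.NetworkCategory)"
} | Add-Content -Path $log
'@

New-Item -ItemType Directory -Path $InstallDir -Force | Out-Null
Set-Content -Path $ScriptPath -Value $Remediation -Encoding UTF8

$Action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -NonInteractive -File `"$ScriptPath`""
$Trigger   = New-ScheduledTaskTrigger -AtStartup
$Principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $TaskName -Action $Action `
    -Trigger $Trigger -Principal $Principal -Force | Out-Null

# Verify the current state on this DC right away.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
```

Remove the task with Unregister-ScheduledTask once Microsoft ships the fix, since restarting all adapters at boot briefly interrupts connectivity on the DC.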
But the issues do not stop with servers; Windows 11 clients also experience undesirable side effects after installing the Windows security updates. In notes on the security update, Microsoft points out that after installation, the folder %systemdrive%\inetpub (usually c:\inetpub) is created. Microsoft writes: “This folder should not be deleted, regardless of whether Internet Information Services (IIS) is enabled on the target device. This behavior is part of changes that increase protection and requires no action from IT administrators or end users.” The patch that triggers this closes a privilege escalation vulnerability in Windows (CVE-2025-21204, CVSS 7.8, risk “high”).
Another issue has now come to light, which can only be found in the Windows update notes for Windows 11 24H2: After installing the updates, a blue screen of death (BSoD) may occur on restart. A “blue screen exception condition with error code 0x18B indicating a SECURE_KERNEL_ERROR” may occur. Microsoft has therefore initiated the Known Issue Rollback (KIR) mechanism, which takes effect within 24 hours on end customer and non-managed devices and removes the problematic update components.
Microsoft is currently having more and more bad luck with Windows updates. Last weekend, the company had to offer an out-of-sequence update that corrects display problems regarding the status of group policies.
(dmk)