KB5009624, KB5009557 and KB5009555 coming to break a server near you soon!

KB5009624, KB5009557 and KB5009555

Issue / Fault definition

Microsoft recently released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part of the January 2022 Patch Tuesday.

After installing these updates Admins are reporting various issues including –

  • Windows domain controller boot loops
  • Hyper-V no longer starting
  • ReFS file systems are no longer accessible

Impact

  • Windows Server 2012 R2
  • Windows Server 2019
  • Windows Server 2022
  • Updates KB5009624, KB5009557 and KB5009555

Known Fixes / Solutions

To fix the issue boot into SafeMode, CMD from a recovery console or DSRM and remove the update.

  • Windows Server 2012 R2: wusa /uninstall /kb:KB5009624
  • Windows Server 2019: wusa /uninstall /kb:KB5009557
  • Windows Server 2022: wusa /uninstall /kb:KB5009555

Other possible fixes

The moment you first logon.
1. Immediately run command prompt, right click, run as administrator (just incase)
2. type in “net stop netlogon” (shows The Netlogon service was stopped successfully.)
3. Program and Features
4. Select Uninstall (click on Security Update for Microsoft Windows (KB5009557)
5. You must restart your computer to apply these changes (click Restart Later)
6. Select Uninstall (click Update for Microsoft Windows (KB5008873)
7. You must restart your computer to apply these changes (click Restart Now)

The issue of reboots only happens if 2 or more DC’s have the update installed. Just turn off 1 dc or boot it into safemode without networking and the other DC stops rebooting. Then you have at least 1 DC up for people to continue work and you have time to uninstall the patches.

Mitigation

Delay roll out of any of the affected patches.

Links

https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-dc-boot-loops-break-hyper-v/#comments

If you found this article helpful, would you consider buying me a Coffee?

Leave a Reply

Your email address will not be published.