Microsoft has pulled the January Windows Server cumulative updates after critical bugs caused domain controllers to reboot, Hyper-V to not work, and ReFS volume systems to become unavailable.
Tuesday, Microsoft released the January 2022 Patch Tuesday updates for Windows Server that includes numerous security updates and bug fixes.
These updates are KB5009624 for Windows Server 2012 R2, KB5009557 for Windows Server 2019, and KB5009555 for Windows Server 2022.
Microsoft pulls Windows Server updates
Soon after Microsoft released this week's Windows Server updates, admins who installed them began reporting that they encountered numerous severe issues.
These issues included domain controllers going through an endless reboot loop, ReFS volumes becoming inaccessible and showing as RAW file systems, and Hyper-V no longer starting on servers.
Today, BleepingComputer has been told that Microsoft has pulled the January Windows Server updates, and they are no longer accessible via Windows Update.
In tests conducted by BleepingComputer, we can confirm that our Windows Server 2019 install, which has the December cumulative update installed, is no longer offered the January KB5009557 update.
We have not independently verified if the other Windows Server updates have been removed but have been told by Windows admins that this is the case.
The updates are still available from the Microsoft Catalog, but BleepingComputer strongly recommends that admins not install the new Windows Server updates at this time.
While the updates resolve 97 security vulnerabilities, with some being critical, they are also causing significant disruption on Windows networks.
January's Windows 10 and Windows 11 cumulative updates are also breaking L2TP VPN connections but Microsoft has not pulled those updates at this time.
Update 1/14/22:
Windows Server Updates are back
Today, the Windows Server updates are back and available again via Windows Update.
As we stated yesterday, they were still available via the Microsoft Catalog, and admins later told BleepingComputer that they were also available via WSUS.
It is not clear why Microsoft only pulled them from Windows Update and did not respond to our questions about their disappearance.
However, Microsoft has confirmed to BleepingComputer via email that they are aware of the issues and are investigating them.
Microsoft has also created two new known issues in the Windows Message Center with more information.
"After installing KB5009557 on domain controllers (DCs), affected versions of Windows Servers might restart unexpectedly. Note: On Windows Server 2016 and later, you are more likely to be affected when DCs are using Shadow Principals in Enhanced Security Admin Environment (ESAE) or environments with Privileged Identity Management (PIM)," Microsoft explains regarding the domain controller reboots.
Microsoft has also confirmed they are investigating the issue where "virtual machines (VMs) in Hyper-V might fail to start" when installing updates on devices using UEFI.
Update 1/14/22 3:16 PM EST: Windows Server updates are back and Microsoft has confirmed they are aware of the issues.
Comments
Sennva - 2 years ago
Does the January cumulative update for Server 2016 also have these issues?
atari_guy - 2 years ago
Not as far as I can tell. The 2016 DC I updated yesterday has been just fine. I'm updating a second one now (which also means the update is still available).
Edit: it turns out my 2nd one was actually installing the December update. The January is no longer showing.
atari_guy - 2 years ago
(nevermind, see edit above)
povas - 2 years ago
Yes, the same behavior happened to me on two DC servers running WS2016
atari_guy - 2 years ago
Mine didn't have any problems, but I guess that's irrelevant now.
sarkx - 2 years ago
My 2016 DC had the lsass.exe rebooting issue after updating to KB5009546. resolved this by uninstalling this 2022-01 cumulative update. As of now, this update is still available. Don't update to this one!
atari_guy - 2 years ago
I wonder what the difference is between yours and mine that hasn't rebooted at all.
aseedig - 2 years ago
I have 3 DCs on Windows 2016 Datacenter. 2 are fine but the third on, which in fakt is a 100% identical system off one of the others, reboots since the update once a day. Not every 15 minutes, but once a day. Since this is the development and test system for our production server I am trying to find out, what the reboot is triggered by and why this is only on that computer. Microsoft... It doesn't make sense...
JBTito - 2 years ago
We have four 2k16, and new colleague installed KB5009546 (was pissed about it, but it is what it is)..so far no problems. I was ready to uninstall it but it seams it doesn't cause any problems yet :)
Zurv - 2 years ago
All of our DCs were updated on Tuesday. 5 2019 (all VMs (running in hyper-v) and one 2016 (non-VM). No problems.
We didn't patch out hyper-v host servers yet.. and won't :)
barnescoupon - 2 years ago
We had four physical 2019 DCs get in the boot loop. Uninstalled the update and things calmed down.
INTREPID-FL - 2 years ago
Don't install security updates for at least a week after release and feature update for at least 6 months. Larger companies test updates before deployment because they are often beta quality upon release. Besides Bleeping Computer, here is a good source for Windows Update news: https://www.askwoody.com
noelprg4 - 2 years ago
well Lawrence it seems that some of these patches came back for some users (or have NOT been pulled by MS) as recently reported by Born:
https://borncity.com/win/2022/01/14/microsoft-patch-day-issues-jan-2022-bugs-confirmed-but-updates-not-pulled/
Lawrence Abrams - 2 years ago
I mentioned in the article that they were available via the Microsoft Catalog yesterday.
However, they were definitely not available in Windows Update while testing multiple times yesterday. Was only offered the December update and other updates released this month, as shown by the image in the article.
Looks more likely it was one group not talking to another group at MS.
Regardless, I am being offered the updates once again via Windows Update after just checking. So they are back.
Not sure if anything changed.
beckabob2003 - 2 years ago
Agree noelprg4.
I've seen that posted on several sites, but the updates are still available in WSUS, and Windows Download site all with the Jan 10 date.
Does anyone have any confirmation from their Account Manager, Support, Website, Santa, etc that Microsoft is actually working on this?
Lawrence Abrams - 2 years ago
Microsoft has confirmed they are investigating the issues.
beckabob2003 - 2 years ago
Thanks Lawrence that's good to know!
Do you have a reference such as a Microsoft blog post or something? I'd love to provide some justification to my management to pull the patches on our DCs. So far I can only say "everyone other than Microsoft says that these patches are bad and with darn good reason".
Very frustrating that Microsoft hasn't publicly at least said "we're are of the problem and are looking into it"
Thanks for any direction you can provide!
Lawrence Abrams - 2 years ago
Email from Microsoft confirming they are "aware and investigating the issue."
They also posted a known issue in the message center:
https://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2022#2775msgdesc
https://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2012#2776msgdesc
Nothing that I can find on ReFS.
Updating the article now.
beckabob2003 - 2 years ago
"Email from Microsoft confirming they are "aware and investigating the issue."
They also posted a known issue in the message center:https://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2022#2775msgdeschttps://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2012#2776msgdesc
Nothing that I can find on ReFS.
Updating the article now."
EXCELLENT Lawrence. Thanks for the help!
Ari Kukkonen - 2 years ago
I installed this update to three DC:s today, 2016. Two of those were fine, but third one went to reboot-loop which I could not recover in any other way than restoring from backup.
SeZell - 2 years ago
I just set up a new Server 2022 VM today. The updates are still available on Windows Update. I didn't expect to see "2022-01".
It's not a domain controller yet, but will be. Maybe they're blocking it for domain controllers?
barnescoupon - 2 years ago
They posted an out-Of-Band update, but it doesn't seem to want to apply to my 2019 DC. I installed the "bad" update then tried to install the patch but it said it was not applicable.
https://support.microsoft.com/en-us/topic/january-17-2022-kb5010790-os-build-14393-4889-out-of-band-567c392a-b10c-4dba-bed5-d3648af05164
Anyone else having the same results?
povas - 2 years ago
I have the same issue, tried it on WS2016
barnescoupon - 2 years ago
Tried it on 2016 and it still crashed or is said the new Out-Of-Band update didn't apply?
povas - 2 years ago
I cannot install the OOB update, says it is not applicable.