Full Report
Microsoft has fixed several known issues that caused Blue Screen of Death (BSOD) and installation issues on Windows Server 2025 systems with a high core count. [...]
Analysis Summary
# Vulnerability: Microsoft Windows Server 2025 and Client Updates Resolve Multiple Issues (Including BSODs and Login Failures)
## CVE Details
- CVE ID: Not explicitly listed in the provided text. Multiple issues are referenced.
- CVSS Score: Not explicitly listed.
- CWE: Not explicitly listed. The context describes symptoms (BSOD, login failure) rather than specific weaknesses.
## Affected Systems
- Products: Windows Server 2025, Windows 11 (specifically 24H2 builds related to the April 2025 security updates).
- Versions: Systems running Windows Server 2025 and Windows 11 24H2 that experienced issues after installing specific updates (e.g., KB5055523).
- Configurations:
- Windows Server 2025 Domain Controllers (DCs) were affected, causing inaccessibility upon restart.
- Windows Hello login failures on client and server systems.
- Issues related to Credential Guard with Kerberos PKINIT pre-auth.
- Systems running SenseShield Technology's `sprotect.sys` driver were subject to a safeguard hold in Windows 11 24H2 due to BSODs.
## Vulnerability Description
The provided text summarizes resolutions for several distinct issues addressed by Microsoft updates, not a single vulnerability:
1. **Windows Server 2025 Stability:** Fixes for blue screen errors and general installation instability on Server 2025.
2. **DC Inaccessibility:** Resolution for an issue where Windows Server 2025 DCs could become inaccessible following a restart after installing April 2025 security updates.
3. **Windows Hello Failure:** Fixes for users unable to log in via Windows Hello after installing April 2025 security updates on Windows 11 24H2 and Server 2025.
4. **Authentication Flaw:** Fixes for authentication issues when Credential Guard is enabled on systems utilizing the Kerberos PKINIT pre-auth security protocol.
5. **BSOD Incompatibility:** Introduction of a safeguard hold in Windows 11 24H2 to prevent installation on systems with the SenseShield Technology `sprotect.sys` driver due to potential Blue/Black Screen of Death (BSOD) errors.
## Exploitation
- Status: The text implies these are stability/configuration issues being resolved via patches, but does not state if any were actively exploited in the wild. The safeguard hold suggests potential instability that could lead to DoS, but exploitation status is **Undetermined/Not specified for direct compromise.**
- Complexity: Not specified.
- Attack Vector: Not specified, as the primary issues relate to system stability and updates.
## Impact
- Confidentiality: Potentially affected by authentication issues if Credential Guard protection was somehow bypassed or ineffective.
- Integrity: Affected by system instability (BSODs) leading to service disruption or data corruption if systems crashed unexpectedly.
- Availability: Significantly impacted by Domain Controller inaccessibility upon restart and system-wide BSODs.
## Remediation
### Patches
- The primary recommendation is to **install the latest security update** for the affected device.
- Specific knowledge of the KB associated with the April 2025 updates (e.g., **KB5055523** mentioned for client systems) is relevant for context regarding the initial failure points.
- A separate GPU bug in **WSL2** was fixed by update **KB5055612** (Preview).
### Workarounds
If security updates released since November cannot be immediately installed, administrators can apply a temporary workaround for the large logical processor issue (implied context for a prior stability issue):
1. Restart the server and enter **UEFI Setup**.
2. Locate the option to adjust the **number of cores per socket**.
3. Set the core count such that the **total number of logical processors is 256 or fewer**. (Total Logical Processors = Sockets * Cores per Socket * Logical Processors per Core).
4. Restart the server.
## Detection
- **Indicators of Compromise:** System crashes (BSOD/Blue Screen), server becoming inaccessible after reboot (especially DCs), user failures when logging in via Windows Hello.
- **Detection Methods and Tools:** Monitoring system event logs for critical errors related to updates or Kerberos authentication failures. Monitoring UEFI settings for deviations from planned configurations (if the workaround is in use).
## References
- Vendor advisories concerning April 8 2025 updates for Windows 11 24H2 (link defanged).
- Vendor advisories concerning April 8 2025 updates for Windows Server 2025 (link defanged).
- Relevant link regarding restart issues on older DCs (link defanged).
- Mention of authentication issue fixes (link defanged).
- Mention of Windows 11 24H2 safeguard hold related to `sprotect.sys` (link defanged).