Full Report
Microsoft warned IT admins that some Windows Server 2025 domain controllers might become inaccessible after a restart, causing apps and services to fail or remain unreachable. [...]
Analysis Summary
# Vulnerability: Windows Server 2025 Domain Controllers Fail Network Connectivity Post-Restart
## CVE Details
- CVE ID: Not specified in the source material (This appears to be an acknowledged Known Issue/Bug, not yet assigned a formal CVE).
- CVSS Score: Not provided.
- CWE: Not specified.
## Affected Systems
- Products: Microsoft Windows Server 2025
- Versions: Unspecified, applies to Domain Controllers (DCs) with the Active Directory domain controller role.
- Configurations: Occurs after the system restarts.
## Vulnerability Description
Domain Controllers running Windows Server 2025 may fail to manage network traffic correctly following a restart. Affected DCs either become inaccessible on the domain network or become incorrectly reachable over ports and protocols that the domain firewall profile should block. This disrupts connectivity for services and applications running on those servers and prevents remote endpoints and other servers from reaching them.
## Exploitation
- Status: Known Issue (Internal operational failure, not described as external exploitation).
- Complexity: Not applicable (Operational issue).
- Attack Vector: Not applicable (Caused by system operation/restart).
## Impact
- Confidentiality: Potential bypass of intended firewall rules may lead to unauthorized port exposure.
- Integrity: Services and applications become inaccessible, leading to service disruption.
- Availability: Critical loss of network accessibility for Domain Controllers, impacting domain services.
## Remediation
### Patches
- Status: A permanent fix is being worked on by Microsoft and will be released in a future update. (No specific KB or version provided yet).
### Workarounds
1. **Manual Restart:** Manually restart the network adapters on the impacted server, for example with the PowerShell command `Restart-NetAdapter *`.
2. **Scheduled Task:** Create a scheduled task that runs the network adapter restart command (`Restart-NetAdapter *`) automatically each time the Domain Controller boots, since the issue recurs on every restart.
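One way to set up the scheduled-task workaround, as an added example that is not Microsoft's own script: it registers a startup task running as SYSTEM that applies `Restart-NetAdapter *` and then logs which network profile each adapter landed on, so an admin can confirm the DC is back on the domain-authenticated profile after each reboot. The task name, script directory and log path are assumptions.

```powershell
# Added example (not from the vendor advisory). Run once, elevated, on the DC.
$taskName   = 'DC-RestartNetAdapterAfterBoot'        # assumed task name
$scriptDir  = 'C:\ProgramData\DCNetFix'              # assumed location
$scriptPath = Join-Path $scriptDir 'Restart-DcNetAdapter.ps1'
$logPath    = Join-Path $scriptDir 'restart-netadapter.log'

New-Item -ItemType Directory -Force -Path $scriptDir | Out-Null

# Body of the script the task executes at every boot.
$scriptBody = @'
# Runs at startup as SYSTEM. Applies the published workaround, then records
# the NetworkCategory of each adapter so the result can be verified later.
Start-Sleep -Seconds 60                        # let services settle after boot
Restart-NetAdapter * -Confirm:$false           # the workaround from the advisory
Start-Sleep -Seconds 15                        # give profile detection time to run
$state = Get-NetConnectionProfile |
    ForEach-Object { "$($_.InterfaceAlias)=$($_.NetworkCategory)" }
# Expected on a healthy DC: every domain-facing adapter reports DomainAuthenticated.
$line = "{0} {1}" -f (Get-Date -Format o), ($state -join '; ')
Add-Content -Path '__LOG__' -Value $line
'@
Set-Content -Path $scriptPath -Value $scriptBody.Replace('__LOG__', $logPath)

# Register the task: trigger at system startup, run as SYSTEM with highest privileges.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -File `"$scriptPath`""
$trigger   = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Force `
    -Description 'Workaround: restart network adapters after boot on WS2025 DC' | Out-Null

# Immediate check of the current state, without waiting for the next reboot.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
```

Any adapter still reporting Public or Private in the log after a reboot means the workaround did not take effect on that interface and the DC's firewall exposure should be checked manually.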
## Detection
- Indicators of Compromise: DCs failing to respond to standard domain queries, services inaccessible, or unusual network traffic flows originating from the DC endpoints over unexpected ports following a reboot.
- Detection methods and tools: Monitoring network connectivity and firewall logs on affected DCs immediately following any reboot cycle.
## References
- Vendor Advisories: Microsoft Release Health Dashboard update regarding Windows Server 2025.
- Relevant links:
  - https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-2025-restarts-break-services-on-domain-controllers/
  - https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2025#domain-controllers-manage-network-traffic-incorrectly-after-restarting