KB patch update making windows servers to reboot continuously

The problem you encountered on the domain controllers is due to installation of the January updates.

OS KB
Windows 2012/2012R2 January 11, 2022—KB5009624 (Monthly Rollup) (microsoft.com)
Windows 2016 January 11, 2022—KB5009546 (OS Build 14393.4886) (microsoft.com)
Windows 2019 January 11, 2022—KB5009557 (OS Build 17763.2452) (microsoft.com)
Windows 2022 January 11, 2022—KB5009555 (OS Build 20348.469) (microsoft.com)

This leads to a HEAP_CORRUPTION and causes the domain controllers to restart in a loop.

Error: The process wininit.exe has initiated the restart of computer DC on behalf of user for the following reason: No title for this reason could be foundReason Code: 0x50006Shutdown Type: restartComment: The system process ‘C:\Windows\system32\lsass.exe’ terminated unexpectedly with status code -1073741819. The system will now shut down and restart.Exception code: 0xc0000005

This affects OS Windows 2012/2012R2, 2016 / 2016 and 2022.

This is a known issue since the last weeks. The problem is understood,  OOB patch that should be released in the next days. At the moment there is no known good workaround rather than uninstalling this update, when possible, and wait for the release of the OOB patch.

Uninstallation suggestions:

Solution 1 (preferred):

– Unplug/disconnect the network cable, – Uninstall the update via GUI or command line: wusa.exe /uninstall /kb:<kbnumber> /quiet /norestart

– verify uninstallation : Get-HotFix -id kbxxx   example : Get-HotFix -id kb5009546

– restart the DC

– Verify that the DC will not reboot after a LSASS crash

– Reconnect the network cable.

Solution 2 : https://www.winhelponline.com/blog/uninstall-windows-10-update-offline-windows-recovery/

FAQs: 

Is there a fix/workaround for the impact of the 1B patch?
Currently there is no workaround. Microsoft is aware of the issue and is vigorously working on fix. No further data collection is required at this time.

 

Does this 1B impact member servers or just DCs?

DC’s only.

 

Does this 1B patch impact all OSes?

Only Server 2012+

How will the eventual fix be deployed?

Will be released as a non-security out-of-band package (OOB) and will need to be pulled down from Windows Update or Microsoft Update Catalog.

This package will be a superset of 1B; in other words, it will contain all of 1B PLUS our additional fixes. So, regardless of whether they have 1B installed already or not, installing the new OOB package will resolve the issue.