How Do I Enable DNS Over HTTPS and Fix Restart Loops in Windows Server 2025?

What Critical Fixes and Features Arrived in the Windows Server February 2026 Update?

Microsoft released comprehensive cumulative updates for all supported Windows Server versions on February 10, 2026. This cycle is particularly critical. Security researchers identified six zero-day vulnerabilities actively exploited in the wild, affecting core components like the Windows Shell and Remote Desktop Protocol. Administrators must prioritize these patches to secure their infrastructure against immediate threats. The updates also introduce functional improvements for DNS management in newer server versions.

• Updates for Windows Server 2025
• Cumulative Update: KB5075899

Server 2025 receives both security hardening and significant feature additions. This update resolves a known stability failure (KERNEL_SECURITY_CHECK_FAILURE) caused by dxgmms2.sys in specific GPU configurations. It also enforces stricter security by disabling forwarded I/O in the NVMe stack by default.

New Feature: DNS Over HTTPS (DoH) Preview

Administrators can now evaluate DNS over HTTPS (DoH) on Windows DNS Server. This protocol encrypts DNS traffic between the server and clients, improving privacy.

Advisory Note: This feature is currently in Public Preview. Do not deploy it in production environments as functionality may change before General Availability.

New Feature: DNS Resource Record Shuffling

To prevent load imbalances, the DNS Server now supports random shuffling of resource records in responses. This ensures the first record in a list does not receive all the traffic. You must enable this manually via the registry.

Registry Configuration:

• Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
• Value Name: RandomShuffle (DWORD)
• Value Data: 1 (Enable) or 0 (Disable)

User Interface Fixes

• File Explorer: The update fixes a bug where renaming folders containing desktop.ini failed. Custom folder names defined by LocalizedResourceName now display correctly.
• Fonts: Chinese fonts now support the GB18030‑2022A standard for expanded character coverage.

Updates for Windows Server 2022 and 23H2

Cumulative Updates: KB5075906 (Server 2022) / KB5075897 (Server 23H2)

These versions receive identical fixes to Server 2025 regarding File Explorer renaming, Chinese font support, and the GPU stability fix for dxgmms2.sys.

Critical Advisory: Virtual Secure Mode (VSM)

A known issue affects systems using Virtual Secure Mode (VSM) after this update. Impacted servers may fail to shut down or hibernate, entering a restart loop instead. Microsoft is investigating this behavior.

Security Logging Fix (Server 23H2)

The update restores functionality to Microsoft Defender SmartScreen. Previously, Application Reputation (AppRep) events failed to log, which hindered advanced threat hunting and event tracking.

Updates for Windows Server 2019 and 2016

Cumulative Updates: KB5075904 (Server 2019) / KB5075999 (Server 2016)

Legacy platforms focus primarily on stability and compliance.

• Windows Server 2019: Includes the GB18030-2022A font compliance update and the desktop.ini folder renaming fix. It also shares the VSM shutdown/restart loop issue present in Server 2022.
• Windows Server 2016: Receives the critical GPU stability fix to prevent system crashes.
• Both Versions: Receive the latest Service Stack Update (SSU). You must install the SSU before the cumulative update to ensure the patching process completes successfully.

Updates for Windows Server 2012 / R2 (ESU Only)

Monthly Rollups: KB5075970 (R2) / KB5075971 (2012)

These operating systems reached end-of-support in October 2023. Only organizations with an Extended Security Updates (ESU) license receive these patches. The February 2026 rollup provides essential security improvements to the internal Windows OS kernel. No specific functional bugs are documented, but the security patches are vital given the active threat landscape mentioned in this month’s summary.