July 2025 Windows Server 2025 Update Crashes AMD EPYC DL325 with IRQL_NOT_LESS_OR_EQUAL

An HPE ProLiant DL325 class server running Windows Server 2025 has been reported to crash to a Blue Screen of Death with the stop code IRQL_NOT_LESS_OR_EQUAL (what failed: ntoskrnl.exe) after applying the July 2025 cumulative updates (KB5062553 and follow-ons), sparking fresh warnings for server administrators to treat the July update cycle as potentially disruptive on some AMD EPYC–based systems. (borncity.com)

Background​

Windows Server 2025 entered broad rollout with a steady cadence of cumulative updates; as always, Microsoft’s monthly Patch Tuesday releases include security fixes, quality improvements, and occasionally regressions. The July 8, 2025 cumulative update for Windows Server 2025 is cataloged as KB5062553 (OS Build 26100.4652) and was followed by an out‑of‑band servicing package (KB5064489) intended to address a narrow boot issue for certain Azure VM configurations. Microsoft’s release-health pages list the July updates and the status of related known issues and mitigations. (support.microsoft.com, learn.microsoft.com)
This is not the first time Windows Server 2025 experienced update-related instability on enterprise hardware: earlier high-core-count issues were resolved by updates such as KB5046617 in late 2024, and the wider pattern of firmware/driver/OS interaction problems has repeatedly shown how subtle kernel changes can surface as BSODs on specific platforms.

What happened (summary of the incident)​

• An HPE ProLiant DL325 Gen10 Plus v2 (AMD EPYC 7443P) and a DL325 Gen10 (AMD EPYC 7402P) host were running Windows Server 2025 without incident when patched through June 2025 levels.
• After installing the July 8, 2025 cumulative update (KB5062553), systems booted to the login screen and then, within a few minutes post-login, hit a Stop Code 0x0000000A: IRQL_NOT_LESS_OR_EQUAL in ntoskrnl.exe. Reinstalling the OS then re-applying the July update reproduced the crash. (borncity.com)
• Installing the July 13, 2025 out‑of‑band update KB5064489 did not prevent the crash in the reported case, indicating the OOB did not address whatever kernel/driver interaction is causing the IRQL crash on these machines. (borncity.com)
• Similar instances have been reported independently (Microsoft Q&A, a Reddit thread, and a Thomas-Krenn wiki post) pointing to Supermicro H12 boards and other EPYC systems experiencing comparable post‑update BSODs. (learn.microsoft.com, borncity.com)

Why IRQL_NOT_LESS_OR_EQUAL matters (technical context)​

IRQL_NOT_LESS_OR_EQUAL is a classic kernel-mode error that indicates a driver or kernel component accessed pageable memory at an interrupt request level that disallowed the access, or otherwise used an invalid memory address from an elevated IRQL. The common root causes include:

• Faulty or incompatible kernel-mode drivers (network, storage, anti-cheat, virtualization drivers).
• CPU or chipset microcode/firmware incompatibilities exposed by a kernel change.
• Memory corruption from defective hardware or buggy low-level firmware/driver interactions.
• Race conditions introduced by changes in the OS scheduler or memory management.

When ntoskrnl.exe is listed as the failing module in the dump, it usually indicates the fault occurred in the kernel’s execution path (driver calls into the kernel, kernel-mode callback functions, or memory-management paths), but the root cause is nearly always a third‑party driver or hardware/firmware issue rather than the kernel image itself. Given the timing — reproducible only after installing the July 2025 update — the update likely changed kernel behavior or ordering in a way that exposed a latent incompatibility on the affected hardware.

Cross-checking the record: corroborating sources​

Independent reporting and community threads back up the BornCity account. Microsoft’s Windows Server 2025 release-health and KB documentation confirm the July 2025 cumulative update roll and related follow-ons; community posts on Microsoft Q&A describe an almost identical IRQL BSOD signature after KB5062553 on AMD EPYC systems; BornCity aggregates these reader reports and points to corroborating posts (Reddit and Thomas-Krenn). In short, multiple, independent channels show the same symptom set appearing after the July update—consistent with a regression introduced by the July updates on a subset of hardware. (learn.microsoft.com, borncity.com)

What is known and what is not (verifiable vs. unverified)​

• Known, verifiable facts:
• The July 8, 2025 cumulative update is KB5062553 (OS Build 26100.4652). (support.microsoft.com)
• Microsoft listed several July‑period issues and provided an out‑of‑band package KB5064489 for specific boot problems, and the Windows Server 2025 known‑issues page is being updated as problems are triaged. (learn.microsoft.com)
• Community and Microsoft Q&A posts document IRQL_NOT_LESS_OR_EQUAL BSODs that recur after installing KB5062553 on some AMD EPYC-based servers. (learn.microsoft.com, borncity.com)
• Unverified / not-yet-confirmed:
• The exact root cause (driver X, firmware Y, or specific microcode interaction) has not been publicly acknowledged by Microsoft as the singular root cause for all reports. BornCity and user posts speculate on AMD‑specific incompatibilities, but those remain hypotheses until Microsoft or affected OEMs publish a technical root-cause analysis. Treat that speculation as plausible but unproven. (borncity.com, learn.microsoft.com)

Impact assessment for data centers and server administrators​

This class of issue is high-impact for production servers for several reasons:

• The BSOD occurs after login, so remote management may be disrupted and automatic unattended remediation may not be effective.
• Reinstalling the OS temporarily removes the symptom until the July update is applied again — which means the release blocks upgrades for affected hardware and complicates patch management strategy.
• The problem affects bare-metal servers (not only VMs) in reported cases, increasing severity for physical host fleets. (borncity.com)

Server administrators running AMD EPYC-based HPE ProLiant DL325 systems (and administrators of Supermicro H12 boards, based on other community reports) should assume a non-zero probability of encountering this regression if they apply the July 2025 updates without prior validation in a test environment.

Recommended immediate actions (triage and mitigation)​

Follow these prioritized steps to protect production environments and quickly diagnose affected machines:

• Pause or block KB5062553 and related July updates on production hosts until you validate in a staging environment.
• Use WSUS/Windows Update for Business/Group Policy to prevent deployment.
• If an affected host is already crashing, uninstall KB5062553 as an emergency rollback:
• Run: wusa /uninstall /kb:5062553
• Reboot, validate server stability, and hold the update in your management system.
• Collect diagnostic artifacts before any further changes:
• Enable full memory dumps (System Properties > Advanced > Startup and Recovery), reproduce the crash, and archive the minidump/complete dump.
• Retrieve system event logs, driver lists (driverquery), and firmware revisions for BIOS/iLO/RAID/NICs.
• Analyze memory dumps with WinDbg (kd/windbg) or outsource to OEM/Microsoft support. If you can’t analyze yourself, provide dumps with full hardware/version metadata to HPE and Microsoft support.
• Update all platform firmware and device drivers on a test host first:
• BIOS/iLO (HPE), RAID controller firmware, NIC drivers, and storage drivers.
• Review HPE ProLiant advisory pages for DL325 firmware updates and compatibility notes.
• Validate AMD microcode/firmware: ensure vendor-supplied microcode or BIOS-level microcode patches are applied; OEM BIOS updates often include microcode updates for EPYC families.
• If you run third‑party kernel components (backup agents, security/anti-cheat, virtualization drivers), ensure they are at the vendor-recommended versions and test removing nonessential third‑party drivers on a staging host.
• Escalate to vendor support with logs and dumps:
• Open a case with HPE support and Microsoft support, supplying dumps, firmware versions, and the exact update catalog numbers.
• If immediate remediation is required and uninstalling KB5062553 stabilizes the host, schedule a controlled maintenance window to apply updates after vendors confirm compatibility.

These steps emphasize collecting diagnostic detail and preserving evidence to accelerate vendor triage. Do not perform risky driver or firmware updates on production without validation.

Technical troubleshooting checklist (detailed)​

• Check Windows Update status and the installed update list (wmic qfe list or Settings > Update history).
• Confirm the installed OS build (winver or systeminfo).
• Record hardware inventory (Megaraid / HPE iLO, CPU model, DIMM configuration).
• Dump collection:
• Configure full memory dump and reproduce.
• Use WinDbg: !analyze -v, lmvm ntoskrnl, !irp, and stack traces to identify the driver or module referenced by the faulting address.
• Driver and firmware correlation:
• Compare driver versions against vendor-supplied compatibility matrices for Windows Server 2025.
• Check HPE Support Center for known advisories about DL325 Gen10 / Gen10 Plus v2 and specific firmware releases for July/August 2025.
• Microcode and BIOS:
• Confirm BIOS and microcode versions; apply recommended updates on a test host.
• If the machine remains unstable, boot into Safe Mode (no 3rd-party kernel drivers) to determine whether a third-party driver is the proximate cause.

Long-term mitigation strategies and policy recommendations​

• Maintain a test lab that mirrors production hardware and OS baseline; apply monthly updates to test hosts first and run workload smoke tests for at least 48–72 hours before promoting to production.
• Use phased rollouts and canary rings for server updates; adopt update deployment policies that can quickly pause or roll back updates centrally.
• Keep an inventory of vendor driver and firmware versions and subscribe to OEM and Microsoft advisories.
• Automate crash dump collection and integrate dump analysis into incident response runbooks for faster triage.
• Consider additional safeguards (improved monitoring, synthetic transaction checks) to detect post‑update regressions within the first hours after patching.

How vendors are responding so far​

Microsoft’s official KB and release‑health entries document the July update and list some resolved or mitigated issues; however, where customers report unique hardware interactions, Microsoft often requests memory dumps and OEM involvement for joint triage. BornCity’s reporting and the Microsoft Q&A thread show that affected admins are being advised to collect dumps and open support cases, while community documentation (Thomas-Krenn and forum threads) offers interim observations and workaround advice (primarily rollback). (support.microsoft.com, learn.microsoft.com, borncity.com)
It’s worth emphasising that the July out‑of‑band patch (KB5064489) resolved a narrow boot issue for certain Azure VM configurations and is not a blanket fix for every update-related regression; the DL325 IRQL crash appears to be separate and not corrected by that OOB in the reported case. (learn.microsoft.com, borncity.com)

Practical checklist for HPE ProLiant DL325 administrators (concise)​

• Pause the July 2025 update rollout on DL325 servers pending validation.
• If impacted, uninstall KB5062553 and hold it using your update management tools.
• Gather dumps and hardware telemetry; escalate to HPE and Microsoft with evidence.
• Update server BIOS/iLO/firmware in a test environment before applying to production.
• Verify and update key drivers (chipset, storage, NIC) from HPE’s certified repositories.
• Keep close to OEM advisories; HPE support may provide model-specific guidance or firmware hotfixes.

Risk analysis and tradeoffs​

• Rolling back KB5062553 removes newly delivered security fixes; leaving the patch uninstalled exposes systems to vulnerabilities that Microsoft addressed in the July roll. That tradeoff must be weighed: short-term stability vs. security posture.
• The safer path usually is: stabilize production (rollback) while rapidly patching/validating test systems and coordinating with vendors to get a certified fix that preserves both stability and security.
• For high‑security environments where rollback is unacceptable, consider network isolation, additional compensating controls, and targeted micro‑segmentation until a verified fix is available.

What administrators should expect next​

• Vendors (Microsoft and OEMs) will typically request dumps and hardware metadata; case resolution may require joint debugging between Microsoft and the OEM.
• If a common root cause emerges, expect a targeted hotfix or driver/firmware advisory; if the root cause is highly hardware-specific, OEM firmware updates are the likely path.
• Monitor Microsoft’s Windows Server 2025 release‑health dashboard and OEM advisories; patience is necessary but rapid evidence collection and support escalation reduces time to fix. (learn.microsoft.com)

---

Conclusion​

The July 2025 cumulative update cycle (centered on KB5062553) has produced at least one reproducible, high‑impact regression on AMD EPYC‑based HPE ProLiant DL325 servers, manifesting as IRQL_NOT_LESS_OR_EQUAL BSODs in ntoskrnl.exe. The immediate operational guidance is clear: do not rush July 2025 updates into production DL325 fleets without testing; if systems already show the crash, uninstall KB5062553, collect full diagnostic artifacts, and open coordinated support cases with HPE and Microsoft. The public accounts and Microsoft’s own documentation confirm the pattern of update-induced regressions with specific hardware, but the precise root cause remains unproven in public‑facing bulletins at this time—administrators must therefore proceed with both caution and urgency, balancing stability with security while vendors work toward a permanent resolution. (borncity.com, support.microsoft.com, learn.microsoft.com)

---

Source: BornCity Windows Server 2025: HPE ProLiant DL325 server drops IRQL_NOT_LESS_OR_EQUAL BSOD after July 2025 update | Born's Tech and Windows World