Microsoft: August updates cause Windows Server boot issues, freezes
Microsoft has confirmed and fixed a known issue causing performance issues, boot problems, and freezes on Windows Server 2019 systems after installing the August 2024 security updates.
The company acknowledged the issue following widespread reports from Windows admins saying that servers on their environments were experiencing performance issues and massive lags, becoming unusable after installing the KB5041578 cumulative update.
"After installing the August 2024 Windows security update, released August 13, 2024 (KB5041578), you might observe that some Windows Server 2019 devices experience system slowdowns, unresponsiveness, and high CPU usage particularly with Cryptographic Services," Microsoft confirmed on Wednesday.
"A limited number of organizations reported that the issue was observed when the device was running an Antivirus software which performs scans against the '% systemroot%\system32\catroot2' folder for Windows updates, due to an error with catalog enumeration."
While Redmond doesn't name the antivirus process causing these issues, affected admins have linked them to the Antimalware Service Executable service, the Windows Defender background process.
Microsoft added that in impacted IT environments, admins will observe that the affected servers:
- Show increased CPU utilization
- Experience increased disk latency/ disk utilization
- Indicate degraded OS or application performance
- Show that the Cryptographic Services (CryptSVC) service fails to start
- May boot into a black screen
- Experience slow boot
- Freeze or hang
Those using Home or Pro Windows editions are unlikely to experience this known issue because the scenario triggering it is more common in enterprise environments.
Fixed via Known Issue Rollback
Microsoft has resolved this widespread known issue through Known Issue Rollback (KIR) and is working to include the fix in a future Windows update. KIR is a Windows feature that helps reverse flawed non-security updates delivered via Windows Update.
To resolve the issue on impacted Windows enterprise-managed devices, Windows admins must install and set up the Windows 10 1809 and Windows Server 2019 KB5041578 240816_21501 Known Issue Rollback Group Policy. Following installation, you can find the Group Policy under Computer Configuration > Administrative Templates.
To deploy the Known Issue Rollback, go to the Local Computer Policy or the Domain policy on the domain controller using the Group Policy Editor to choose the Windows version you want to target. Next, restart the affected device(s) to apply the group policy setting.
You can find further guidance on deploying and configuring KIR Group Policies on the Microsoft support website.
"Once the update with the resolution is released, organizations will not need to install and configure this Group Policy to address this issue," the company added.
This week, Microsoft also confirmed that the August 2024 Windows security updates are breaking Linux booting on dual-boot systems with Secure Boot enabled.
source: BleepingComputer
Free security scan for your website
Top News:
Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks
November 12, 2024Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority
November 19, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024