[German]Another addendum from the April 2024 patchday. The updates cause problems with NTLM connections to Windows Server. In any case, Microsoft has received corresponding user reports and is investigating the incident, as the company announced on April 30, 2024.
Advertising
I also became aware via the patchmanagement.org list that there is a problem with the April 2024 updates. Microsoft has published the entry NTLM traffic issue after installing the April 2024 security update.
It states that administrators may notice a significant increase in NTLM authentication traffic on domain controllers (DCs) after installing the April 2024 security update (KB5036909).
According to Microsoft, this issue is likely to affect organizations that have a very small percentage of primary domain controllers in their environment and high NTLM traffic. The following Windows versions are affected:
- Windows Server 2022: KB5036909
- Windows Server 2019: KB5036896
- Windows Server 2016: KB5036899
- Windows Server 2012 R2: KB5036960
- Windows Server 2012: KB5036969
- Windows Server 2008 R2 SP1: KB5036967
- Windows Server 2008 SP2: KB5036932
Microsoft is working on a solution and wants to provide an update in one of the next versions.
Advertising
NTLM problems FIXED with the May 2024 security updates released May 14:
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#3292msgdesc
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-bug-causing-crashes-ntlm-auth-failures/