[German]The cumulative update KB5041578 for Windows 10 Enterprise 2019 LTSC and Windows Server 2019 was released on August 13, 2024 (second Tuesday of the month, patch day at Microsoft). In the meantime, I have received reports from readers about serious problems with the update. From slow systems to black screens, various error patterns are reported. Here is a brief overview of this topic and a possible workaround.
Advertising
Windows Update KB5041578
Cumulative Update KB5041578 is only available for Windows 10 2019 Enterprise LTSC and Windows 10 2019 IoT Enterprise LTSC as well as Windows Server 2019 (Patchday: Windows 10/Server Updates (August 13, 2024)). The update contains a number of bug fixes, which are listed in the support article. Among other things, the Bitlocker problem from the July 2024 update is fixed. And various hardening measures for Windows are activated.
Due to the Windows TCP/IP Remote Code Execution vulnerability CVE-2024-38063, which is classified as critical (CVEv3 Score 9.8), see Microsoft Security Update Summary (August 13, 2024), the update should be installed promptly. The critical RCE vulnerability in Windows TCP/IP is classified as "Exploitation More Likely". An attacker can exploit this vulnerability remotely by sending specially crafted IPv6 packets to a host. Microsoft recommends disabling IPv6, as only IPv6 packets can be abused to exploit this vulnerability.
Performance issues with the KB5041578 update
Cumulative Update KB5041578 seems to cause problems with Windows 10 as well as Windows Server 2019 in certain constellations.
Report 1: Windows 10 Enterprise 2019 LTSC
German blog reader Arthur contacted me by email because he has run into massive problems with the KB5041578 update on Windows 10 2019 Enterprise LTSC systems in his environment. He writes that the devices take ages to log on after the update. The desktop then remains black for several minutes. Once the desktop is loaded, the system runs so slowly that affected devices cannot be used. Remote Powershell also does not work in this state.
According to the reader, it is mainly legacy BIOS devices that are affected in his environment. However, he writes that some UEFI computers are also affected. If the update is uninstalled, everything returns to normal, writes the reader. As soon as the update is reinstalled, the error pattern returns. He asks whether the problem is known in the community, as he couldn't find anything about it online? I myself can't find anything like this on my Windows 10 2019 IoT Enterprise LTSC system, the system runs as it did before the update.
Advertising
Report 2: Windows Server 2019
Addendum: German blog reader Michael has contacted me now by e-mail, because update KB5041578 caused serious issues on 3 servers. The [Windows Server 2019] machines ran extreme slowly after the update installation because the systems were busy. What he found worst of all was the fact that the remote desktop no longer worked or only responded very, very slowly. Remote working was no longer possible. He then used PowerShell to uninstall the updates, which he said took hours.
Report 3: Windows Server 2019
In the meantime, comments have been left in the German blog on the article Patchday: Windows 10/Server-Updates (13. August 2024), that report something similar. Hary writes in this German comment that he ran into the problem that after the update to Windows Server 2029, the RDP connection only showed a black screen.
After about an hour, an desktop image did appear on the remote desktop. However, the system and the connection responded extremely slowly and no interaction was possible. Not even the task manager could be opened, and the administrator only has access to the system via RDP. The error details sounds like the description above.
Another confirmation and a workaround
In this German comment Hary specifies this error description. Another reader points to this reddit.com thread, where the error pattern (some lagging servers 2019) is also described.
kb5041578 is causing us issues on a few 2019 servers (but not all) , when installed it causes lagging and apps are unresponsive at times. Once uninstalled everything returns to normal. Does anyone have any ideas on what might be going on? We haven't been able to identify a pattern to this issue.
What I recognized: It doesn't affect all users of Windows Server 2019 or Windows 10 2019 Enterprise LTSC and Windows 10 2019 IoT Enterprise LTSC.
Solution Empty catroot2 folder?
But there may be an explanation and a fix. A user responds that deleting the contents of the folder:
C:\Windows\System32\catroot2
seems to fix this problem in his environment. According to the user, deleting the contents of the folder before patching does not seem to cause the problem at all. However, I have not been able to test this – as I am not affected myself. But I got now confirmation, that this works (see also the comment below).
What could be the root cause?
The interesting question is why it affects servers and clients for some people, but not others. In the Reddit.com thread linked above, I may have found the root cause. The person affected was asked on Reddit how he came up with the above solution.
The affected person noticed a high CPU utilization by the encryption services on all affected computers. He states that something was quickly writing and deleting logs in catroot2. After that, he simply googled for possible causes and solutions.
Another user notes that some systems stop the cryptographic service, getting stuck in the stop-pending phase for several minutes. Then the log files are searched and the system calms down. Then the cryptographic service runs again. However, the log files in System32\catroot2 are recreated every 2 minutes on problematic systems.
Perhaps it will help those affected. Thanks to Arthur and the other blog readers for the tips and also for the feedback below.
Similar articles:
Microsoft Security Update Summary (August 13, 2024)
Patchday: Windows 10/Server Updates (August 13, 2024)
Advertising
Issue confirmed here on 2 out of 6 Windows Server 2019 machines patched this morning, no real commonality between those servers except the OS. Workaround works.
Thanks for your feedback.
Thx for your feedback too
I think a simplier solution is to check if the folder that starts with {C6B0F072- exists.
See: https://www.reddit.com/r/sysadmin/comments/1eqziiy/comment/lieofg4/
no such "performance" problems on my Win10 LTSC 2019 computer with the KB5041578 update installed, guenni. unable to encounter nor reproduce the problem and that computer is using legacy bios
I've been checking all my Windows systems. All I find:
rem the good folder with system files
DIR /B C:\Windows\System32\CatRoot
{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
rem this is perhaps a cache
DIR /B C:\Windows\System32\CatRoot2
{127D0A1D-4EF2-11D1-8608-00C04FC295EE}
{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
These two GUIDs are very common across all windows versions.
The problem may be some 3rd party software also adds things here? C:\Windows\System32\catroot2
Your German blog article includes many comments with possible fixes:
https://www.borncity.com/blog/2024/08/16/windows-server-2019-windows-10-enterprise-2019-ltsc-probleme-mit-update-kb5041578/
Many thanks! Updates went OK on all my computer systems.
Is Microsoft planning to revoke and release other patch?
It's vacation month. The issue is not widespread. Workaround exists. All points that the issue is caused by 3rd party software (driver installation packages?).
https://www.reddit.com/r/sysadmin/comments/1eqziiy/comment/lieofg4/
https://answers.microsoft.com/en-us/windows/forum/all/slow-operation-after-update-8152024/1e3af09b-f6e3-4690-8a3f-7a8598e1b397
It helps also to define exceptions in AntiVirus for the two folder C:\Windows\System32\CatRoot and C:\Windows\System32\catroot2