[German]Small addendum regarding Windows Server 2019 and problems with the August 2024 patchday. Microsoft has now confirmed the performance problems caused by cumulative update KB5041578 for Windows 10 Enterprise 2019 LTSC and Windows Server 2019 that I mentioned in the blog. Furthermore, a Known Issues Rollback (KIR) has been released to remove the fix causing the issue. I will extract the relevant information in a separate blog post.
Advertising
Issues with Update KB5041578
On August 13, 2024, Microsoft released the cumulative update KB5041578 for Windows 10 2019 Enterprise LTSC and Windows 10 2019 IoT Enterprise LTSC as well as Windows Server 2019 (Patchday: Windows 10/Server Updates (August 13, 2024)). The update contains a number of bug fixes, which are listed in the support article.
Due to the Windows TCP/IP Remote Code Execution vulnerability CVE-2024-38063, which is classified as critical (CVEv3 Score 9.8), the update should be installed promptly. This is because the critical RCE vulnerability in Windows TCP/IP is classified as "Exploitation More Likely". However, there was a huge problem with this update.
I reported in the blog post Windows Server 2019/Windows 10 Enterprise 2019 LTSC: Performance Issues with Update KB5041578 that some systems are experiencing serious problems with Windows Server 2019 (and even Windows 10 2019 Enterprise LTSC systems) after installing the update.
- The devices are extremely slow and barely usable, as I described in one case with Windows 10 clients.
- With Windows Server 2019, the Remote Desktop no longer works or responds very slowly. A black screen may also appear.
It is then no longer possible to work on affected systems. There is also a thread on reddit.com with corresponding messages. In addition to uninstalling the update in question, I pointed out in my blog post that a workaround is to delete the contents of the folder:
C:\Windows\System32\catroot2
Advertising
must be deleted. This fixes a problem with the encryption services that is responsible for this behavior.
Microsoft confirms problem
On August 21, 2024, Microsoft published the support article Servers might face performance issues with the August 2024 security update in the Windows Release Health status area for Windows Server 2019 (the colleagues here noticed this). Microsoft confirms that after installing the Windows security update KB5041578 from August 13, 2024, problems may occur with Windows Server 2019 installations. This includes "system slowdowns, unresponsiveness and high CPU utilization", particularly with cryptographic services.
According to Microsoft, these issues have been observed and reported by a limited number of organizations. The observations were related to the execution of an (unnamed) antivirus software, which contains the folder:
%systemroot%\system32\catroot2
searches for Windows updates. According to Microsoft, the problems are due to an error in the catalog enumeration. Therefore, the advice to exclude the named folder from the scan by anti-virus software also helps.
Redmond states that previous investigations indicate that this problem is limited to some specific scenarios. The following problems have then been identified:
- Affected devices have an increased CPU load,
- or show increased hard disk latency / hard disk utilization
- The performance of the operating system or the application deteriorates
- The CryptSVC service cannot be started
- A black screen may appear when booting
- Slow booting, freezing or hanging is observed.
Microsoft says in his entry that "Home users of Windows using the Home or Pro editions are unlikely to face this issue, as this scenario is more likely to occur in corporate environments." In my opinion, this is of course nonsense – Windows 10 version 1809 has long since fallen out of support in the Home and Pro editions and has not received the update. Only Windows 10 2019 Enterprise LTSC and Windows 10 2019 IoT Enterprise LTSC can be affected as clients.
There is a fix via KIR
This problem is fixed with Known Issue Rollback (KIR). IT administrators must install and configure the special group policy linked below.
Download for Windows 10 1809 and Windows Server 2019: Windows 10 1809 and Windows Server 2019 KB5041578 240816_21501 Known Issue Rollback
Information on using the group policy can be found under How to use Group Policy to deploy a Known Issue Rollback.
Similar articles:
Microsoft Security Update Summary (August 13, 2024)
Patchday: Windows 10/Server Updates (August 13, 2024)
Patchday: Windows 11/Server 2022-Updates (August 13, 2024)
Windows Server 2012 / R2 and Windows 7 (August 13, 2024)
Windows Server 2019/Windows 10 Enterprise 2019 LTSC: Performance Issues with Update KB5041578
Review: Windows and the TCP-IP vulnerability CVE-2024-38063
Windows Bitlocker recovery key query bug fixed by August 2024 updates
Windows August 2024 update 'paralyzes' Linux boot
Microsoft responds to Linux boot bricked by Windows August 2024 update
Advertising
Thanks for the post, that helped me with troubleshooting.
I have two servers with Win Server 2019 on it. The update is installed on both, however only one got affected.
Remotedesktop suffered from serious laggyness. Things were reacting really slow on Remotedesktop. It became worse when it was in use and not idling. However when I opened the program NetLimiter (while the server was idling) things became slower and slower within seconds and everything froze, a re-login with RDP was not possible. I had to login via second account on the server and kill the process via taskmanager.
After reading your post I uninstalled KB5041578 via powershell, everything seems to be fine now. Will test it further before it will be back in use within my network.
permanently fixed with the recent September 2024 update for Server 2019 – KB5043050:
Servers might face performance issues with the August 2024 security update