{"id":34864,"date":"2024-08-23T23:00:10","date_gmt":"2024-08-23T21:00:10","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=34864"},"modified":"2024-08-23T23:00:10","modified_gmt":"2024-08-23T21:00:10","slug":"windows-server-2019-microsoft-confirms-and-fixes-performance-issues-with-update-kb5041578","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/08\/23\/windows-server-2019-microsoft-confirms-and-fixes-performance-issues-with-update-kb5041578\/","title":{"rendered":"Windows Server 2019: Microsoft confirms and fixes performance issues with update KB5041578"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Windows\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Windows-klein.jpg\" alt=\"Windows\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/08\/23\/windows-server-2019-microsoft-besttigt-und-fixt-performance-probleme-mit-update-kb5041578\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Small addendum regarding Windows Server 2019 and problems with the August 2024 patchday. Microsoft has now confirmed the performance problems caused by cumulative update KB5041578 for Windows 10 Enterprise 2019 LTSC and Windows Server 2019 that I mentioned in the blog. Furthermore, a Known Issues Rollback (KIR) has been released to remove the fix causing the issue. I will extract the relevant information in a separate blog post.<\/p>\n<p><!--more--><\/p>\n<h2>Issues with Update KB5041578<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg07.met.vgwort.de\/na\/344de2da5da9477cbb9b9189271578e2\" alt=\"\" width=\"1\" height=\"1\" \/>On August 13, 2024, Microsoft released the cumulative update <a href=\"https:\/\/support.microsoft.com\/help\/5041578\">KB5041578<\/a> for Windows 10 2019 Enterprise LTSC and Windows 10 2019 IoT Enterprise LTSC as well as Windows Server 2019 (<a href=\"https:\/\/borncity.com\/win\/2024\/08\/14\/patchday-windows-10-server-updates-august-13-2024\/\">Patchday: Windows 10\/Server Updates (August 13, 2024)<\/a>). The update contains a number of bug fixes, which are listed in the support article.<\/p>\n<p>Due to the Windows TCP\/IP Remote Code Execution vulnerability <u><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2024-38063\">CVE-2024-38063<\/a><\/u>, which is classified as critical (CVEv3 Score 9.8), the update should be installed promptly. This is because the critical RCE vulnerability in Windows TCP\/IP is classified as \"Exploitation More Likely\". However, there was a huge problem with this update.<\/p>\n<p>I reported in the blog post <a href=\"https:\/\/borncity.com\/win\/2024\/08\/16\/windows-server-2019-windows-10-enterprise-2019-ltsc-issues-with-update-kb5041578\/\">Windows Server 2019\/Windows 10 Enterprise 2019 LTSC: Performance Issues with Update KB5041578<\/a> that some systems are experiencing serious problems with Windows Server 2019 (and even Windows 10 2019 Enterprise LTSC systems) after installing the update.<\/p>\n<ul>\n<li>The devices are extremely slow and barely usable, as I described in one case with Windows 10 clients.<\/li>\n<li>With Windows Server 2019, the Remote Desktop no longer works or responds very slowly. A black screen may also appear.<\/li>\n<\/ul>\n<p>It is then no longer possible to work on affected systems. There is also <a href=\"https:\/\/old.reddit.com\/r\/sysadmin\/comments\/1eqziiy\/patch_tuesday_megathread_20240813\/lievpdx\/\" target=\"_blank\" rel=\"noopener\">a thread<\/a> on reddit.com with corresponding messages. In addition to uninstalling the update in question, I pointed out in my blog post that a workaround is to delete the contents of the folder:<\/p>\n<p>C:\\Windows\\System32\\catroot2<\/p>\n<p>must be deleted. This fixes a problem with the encryption services that is responsible for this behavior.<\/p>\n<h2>Microsoft confirms problem<\/h2>\n<p>On August 21, 2024, Microsoft published the support article <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/release-health\/status-windows-10-1809-and-windows-server-2019#3375msgdesc\" target=\"_blank\" rel=\"noopener\">Servers might face performance issues with the August 2024 security update<\/a> in the <a href=\"https:\/\/learn.microsoft.com\/en-us\/windows\/release-health\/\" target=\"_blank\" rel=\"noopener\">Windows Release Health status area<\/a> for Windows Server 2019 (the colleagues <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-august-updates-cause-windows-server-boot-issues-freezes\/\" target=\"_blank\" rel=\"noopener\">here<\/a> noticed this). Microsoft confirms that after installing the Windows security update KB5041578 from August 13, 2024, problems may occur with Windows Server 2019 installations. This includes \"system slowdowns, unresponsiveness and high CPU utilization\", particularly with cryptographic services.<\/p>\n<p>According to Microsoft, these issues have been observed and reported by a limited number of organizations. The observations were related to the execution of an (unnamed) antivirus software, which contains the folder:<\/p>\n<p>%systemroot%\\system32\\catroot2<\/p>\n<p>searches for Windows updates. According to Microsoft, the problems are due to an error in the catalog enumeration. Therefore, the advice to exclude the named folder from the scan by anti-virus software also helps.<\/p>\n<p>Redmond states that previous investigations indicate that this problem is limited to some specific scenarios. The following problems have then been identified:<\/p>\n<ul>\n<li>Affected devices have an increased CPU load,<\/li>\n<li>or show increased hard disk latency \/ hard disk utilization<\/li>\n<li>The performance of the operating system or the application deteriorates<\/li>\n<li>The CryptSVC service cannot be started<\/li>\n<li>A black screen may appear when booting<\/li>\n<li>Slow booting, freezing or hanging is observed.<\/li>\n<\/ul>\n<p>Microsoft says in his entry that \"Home users of Windows using the Home or Pro editions are unlikely to face this issue, as this scenario is more likely to occur in corporate environments.\" In my opinion, this is of course nonsense &#8211; Windows 10 version 1809 has long since fallen out of support in the Home and Pro editions and has not received the update. Only Windows 10 2019 Enterprise LTSC and Windows 10 2019 IoT Enterprise LTSC can be affected as clients.<\/p>\n<h2>There is a fix via KIR<\/h2>\n<p>This problem is fixed with <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-it-pro-blog\/known-issue-rollback-helping-you-keep-windows-devices-protected\/ba-p\/2176831\" target=\"_blank\" rel=\"noopener\">Known Issue Rollback (KIR)<\/a>. IT administrators must install and configure the special group policy linked below.<\/p>\n<p><a href=\"https:\/\/download.microsoft.com\/download\/03c7aacb-1f7b-443d-95e8-6d7d301ac831\/Windows%2010%201809%20and%20Windows%20Server%202019%20KB5041578%20240816_21501%20Known%20Issue%20Rollback.msi\" target=\"_blank\" rel=\"noopener\">Download for Windows 10 1809 and Windows Server 2019<\/a>: Windows 10 1809 and Windows Server 2019 KB5041578 240816_21501 Known Issue Rollback<\/p>\n<p>Information on using the group policy can be found under <a href=\"https:\/\/learn.microsoft.com\/en-us\/troubleshoot\/windows-client\/group-policy\/use-group-policy-to-deploy-known-issue-rollback\" target=\"_blank\" rel=\"noopener\">How to use Group Policy to deploy a Known Issue Rollback<\/a><u><\/u>.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2024\/08\/14\/microsoft-security-update-summary-august-13-2024\/\">Microsoft Security Update Summary (August 13, 2024)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2024\/08\/14\/patchday-windows-10-server-updates-august-13-2024\/\">Patchday: Windows 10\/Server Updates (August 13, 2024)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2024\/08\/14\/patchday-windows-11-server-2022-updates-august-13-2024\/\">Patchday: Windows 11\/Server 2022-Updates (August 13, 2024)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2024\/08\/15\/windows-server-2012-r2-und-windows-7-august-13-2024\/\">Windows Server 2012 \/ R2 and Windows 7 (August 13, 2024)<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2024\/08\/16\/windows-server-2019-windows-10-enterprise-2019-ltsc-issues-with-update-kb5041578\/\">Windows Server 2019\/Windows 10 Enterprise 2019 LTSC: Performance Issues with Update KB5041578<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2024\/08\/18\/review-windows-and-the-tcp-ip-vulnerability-cve-2024-38063\/\">Review: Windows and the TCP-IP vulnerability CVE-2024-38063<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2024\/08\/17\/windows-bitlocker-recovery-key-query-bug-fixed-by-august-2024-updates\/\">Windows Bitlocker recovery key query bug fixed by August 2024 updates<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2024\/08\/21\/windows-august-2024-update-paralyzes-linux-boot\/\">Windows August 2024 update 'paralyzes' Linux boot<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2024\/08\/22\/microsoft-responds-to-linux-boot-bricked-by-windows-august-2024-update\/\">Microsoft responds to Linux boot bricked by Windows August 2024 update<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Small addendum regarding Windows Server 2019 and problems with the August 2024 patchday. Microsoft has now confirmed the performance problems caused by cumulative update KB5041578 for Windows 10 Enterprise 2019 LTSC and Windows Server 2019 that I mentioned in the &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/08\/23\/windows-server-2019-microsoft-confirms-and-fixes-performance-issues-with-update-kb5041578\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[463,22,2],"tags":[47,195,1498],"class_list":["post-34864","post","type-post","status-publish","format-standard","hentry","category-issue","category-update","category-windows","tag-issue","tag-update","tag-windows-server-2019"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=34864"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34864\/revisions"}],"predecessor-version":[{"id":34865,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/34864\/revisions\/34865"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=34864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=34864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=34864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}