Microsoft has mounted a identified problem inflicting NTLM authentication failures and area controller reboots after putting in final month’s Home windows Server safety updates.
In keeping with a Home windows well being dashboard entry, this problem solely impacts Home windows area controllers in organizations with plenty of NTLM site visitors and few major DCs.
On affected methods, after deploying the April Home windows Server safety updates, admins can even see excessive load and, in uncommon cases, area controller reboots as a result of Native Safety Authority Subsystem Service (LSASS) course of crashes.
“After installing the April 2024 security update on domain controllers (DCs), you might notice a significant increase in NTLM authentication traffic,” Microsoft says.
“This issue is likely to affect organizations that have a very small percentage of primary domain controllers in their environment and high NTLM traffic.”
​Microsoft mounted this identified problem in Home windows Server cumulative updates launched as we speak through the Could 2024 Patch Tuesday.
The record of impacted Home windows variations and the cumulative updates that repair the identified problem consists of:
“This problem was resolved by Home windows updates launched Could 14, 2024 (KB5037782), and later,” the corporate explains on the Home windows Server 2022 well being dashboard.
“We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one.”
Admins who can’t instantly set up this month’s Patch Tuesday updates can nonetheless briefly work round these identified points by eradicating the problematic April updates.
“To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages,” Microsoft says.
Nonetheless, it is crucial to notice that Redmond consists of safety fixes within the Patch Tuesday cumulative replace; therefore, eradicating the April 2024 updates to resolve the area controller and NTLM auth points can even wipe all fixes for patched vulnerabilities.
Immediately, ​Microsoft additionally mounted a zero-day bug exploited within the wild to deploy QakBot and different malware onto susceptible Home windows methods.
