Microsoft has confirmed and fixed a known issue causing performance issues, boot problems, and freezes on Windows Server 2019 systems after installing the August 2024 security updates.
The company acknowledged the issue following widespread reports from Windows admins saying that servers on their environments were experiencing performance issues and massive lags, becoming unusable after installing the KB5041578 cumulative update.
"After installing the August 2024 Windows security update, released August 13, 2024 (KB5041578), you might observe that some Windows Server 2019 devices experience system slowdowns, unresponsiveness, and high CPU usage particularly with Cryptographic Services," Microsoft confirmed on Wednesday.
"A limited number of organizations reported that the issue was observed when the device was running an Antivirus software which performs scans against the '% systemroot%\system32\catroot2' folder for Windows updates, due to an error with catalog enumeration."
While Redmond doesn't name the antivirus process causing these issues, affected admins have linked them to the Antimalware Service Executable service, the Windows Defender background process.
Microsoft added that in impacted IT environments, admins will observe that the affected servers:
- Show increased CPU utilization
- Experience increased disk latency/ disk utilization
- Indicate degraded OS or application performance
- Show that the Cryptographic Services (CryptSVC) service fails to start
- May boot into a black screen
- Experience slow boot
- Freeze or hang
Those using Home or Pro Windows editions are unlikely to experience this known issue because the scenario triggering it is more common in enterprise environments.
Fixed via Known Issue Rollback
Microsoft has resolved this widespread known issue through Known Issue Rollback (KIR) and is working to include the fix in a future Windows update. KIR is a Windows feature that helps reverse flawed non-security updates delivered via Windows Update.
To resolve the issue on impacted Windows enterprise-managed devices, Windows admins must install and set up the Windows 10 1809 and Windows Server 2019 KB5041578 240816_21501 Known Issue Rollback Group Policy. Following installation, you can find the Group Policy under Computer Configuration > Administrative Templates.
To deploy the Known Issue Rollback, go to the Local Computer Policy or the Domain policy on the domain controller using the Group Policy Editor to choose the Windows version you want to target. Next, restart the affected device(s) to apply the group policy setting.
You can find further guidance on deploying and configuring KIR Group Policies on the Microsoft support website.
"Once the update with the resolution is released, organizations will not need to install and configure this Group Policy to address this issue," the company added.
This week, Microsoft also confirmed that the August 2024 Windows security updates are breaking Linux booting on dual-boot systems with Secure Boot enabled.
Comments
doncoyote - 2 months ago
msmpeng.exe is behaving here.
johnicepick - 2 months ago
Thanks for the post.
This update was installed on both of my Win Servers 2019. One seems to be unaffected, the otherone suffered from serious laggyness. Things were reacting really slow on Remotedesktop, whenever I opened the program NetLimiter things became slower and slower within seconds and everything froze, a re-login with RDP was not possible. I had to login via second account and kill the process via taskmanager.
After reading your post I uninstalled KB5041578 via powershell, everything seems to be fine now. Will test it further before it will be back in use within my network.