Microsoft Mitigates Windows Server 2019 Performance Issues After August 2024 Updates


Posted on: 23 Aug 2024 | Author: Foresiet

Introduction

In August 2024, Microsoft released a set of security updates aimed at enhancing the protection and functionality of its systems. However, these updates inadvertently introduced significant performance issues for Windows Server 2019, leading to widespread reports of system slowdowns, boot problems, and freezes. Microsoft has since acknowledged these issues and provided a resolution through its Known Issue Rollback (KIR) feature. This blog explores the details of the problem, its impact on enterprise environments, and the steps Microsoft has taken to rectify the situation.

Impact of the August 2024 Security Updates

Shortly after the August 13, 2024, release of the KB5041578 cumulative update, administrators began noticing severe performance issues on their Windows Server 2019 systems. The issues reported included increased CPU utilization, disk latency, and a general decline in both operating system and application performance. Some servers even experienced boot failures, freezing at a black screen.

Specific Issues Reported

Among the most significant problems observed were:

  • High CPU Usage: Servers exhibited excessive CPU consumption, particularly related to Cryptographic Services (CryptSVC).
  • Disk Utilization: Disk operations slowed down significantly, leading to degraded system responsiveness.
  • Boot Problems: Some systems failed to boot correctly, getting stuck at a black screen or experiencing extremely slow startup times.
  • Service Failures: The Cryptographic Services (CryptSVC) service was noted to fail in many instances, further compounding the performance issues.

Cause of the Issues

Microsoft’s investigation revealed that the problems were particularly prevalent in environments running antivirus software that scans the %systemroot%\system32\catroot2 folder. This issue, related to catalog enumeration errors, was found to trigger the high CPU usage and other performance problems. Although Microsoft did not specifically name the antivirus software involved, reports from affected administrators pointed to the Antimalware Service Executable, the background process for Windows Defender, as a potential culprit.
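
To check a single server against the conditions described above (update installed, CryptSvc state and CPU load, recent service crashes, Defender real-time scanning), the following PowerShell can be run from an elevated session. It is an added example, not code from Microsoft or from this article; the function name, the 5-second sampling window and the 14-day event lookback are assumptions chosen for illustration.

```powershell
# Added example: local triage for the symptoms described in this article.
function Get-Kb5041578Exposure {          # hypothetical function name
    [CmdletBinding()]
    param(
        [string]$KbId = 'KB5041578',      # update named in the article
        [int]$SampleSeconds = 5,          # assumption: CPU sampling window
        [int]$LookbackDays = 14           # assumption: event log window
    )
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # CryptSvc runs inside a svchost.exe instance; resolve its PID through WMI.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='CryptSvc'"
    $cpu = $null
    if ($svc -and $svc.ProcessId -gt 0) {
        $before = (Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue).TotalProcessorTime
        Start-Sleep -Seconds $SampleSeconds
        $after  = (Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue).TotalProcessorTime
        if ($null -ne $before -and $null -ne $after) {
            # Share of total CPU capacity used by the host process,
            # which may also host services other than CryptSvc.
            $capacity = $SampleSeconds * [Environment]::ProcessorCount
            $cpu = [math]::Round(100 * ($after - $before).TotalSeconds / $capacity, 1)
        }
    }

    # Service Control Manager events 7031/7034: a service terminated unexpectedly.
    $name   = if ($svc) { $svc.DisplayName } else { 'Cryptographic Services' }
    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'
                 Id = 7031, 7034; StartTime = (Get-Date).AddDays(-$LookbackDays) }
    $crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
                 Where-Object { $_.Message -like "*$name*" })

    # Defender real-time protection status, if the Defender module is present.
    $rtp = $null
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $rtp = (Get-MpComputerStatus -ErrorAction SilentlyContinue).RealTimeProtectionEnabled
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        IsBuild17763        = ($os.BuildNumber -eq '17763')   # Server 2019 / Windows 10 1809
        KbInstalled         = [bool]$hotfix
        CryptSvcState       = $svc.State
        CryptSvcHostCpuPct  = $cpu
        CryptSvcCrashEvents = $crashes.Count
        DefenderRealTime    = $rtp
    }
}
Get-Kb5041578Exposure
```

A host that reports the update installed together with a stopped or crashing CryptSvc, or sustained high CPU in its host process, matches the symptom pattern listed earlier and is a candidate for the rollback described in the next section.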

Resolution Through Known Issue Rollback (KIR)

To address the widespread issues caused by the KB5041578 update, Microsoft utilized its Known Issue Rollback (KIR) feature. KIR allows Microsoft to reverse the effects of non-security updates that cause significant problems, restoring system stability without the need for extensive intervention by administrators.

Steps for Implementation

Administrators managing enterprise environments affected by these issues are advised to implement the Known Issue Rollback for Windows 10 1809 and Windows Server 2019. The process involves:

  • Installing the KIR Group Policy: Admins should deploy the KB5041578 240816_21501 Known Issue Rollback Group Policy.
  • Configuring Group Policy: After installation, the policy can be found under Computer Configuration > Administrative Templates in the Group Policy Editor. Admins must then select the appropriate Windows version to target.
  • Restarting Affected Devices: A system restart is required to apply the Group Policy settings and resolve the issue.

Microsoft has also provided detailed guidance on deploying and configuring KIR Group Policies on their support website, ensuring that administrators can efficiently resolve the issue.

Looking Ahead: Future Updates and Precautions

Microsoft has assured users that the next update will include a permanent fix for the issues introduced by the August 2024 security updates. Once this update is released, there will be no need for additional Group Policy configurations to resolve these problems.

Additionally, in the same week, Microsoft confirmed that the August 2024 security updates have also caused issues with Linux booting on dual-boot systems with Secure Boot enabled. This serves as a reminder of the importance of thoroughly testing updates in enterprise environments before widespread deployment.

Conclusion

The August 2024 security updates for Windows Server 2019 have highlighted the potential risks associated with critical system updates. While Microsoft has acted swiftly to address the performance issues through its Known Issue Rollback feature, this incident underscores the importance of proactive system monitoring and prompt response to emerging threats. By implementing the recommended fixes and staying informed about future updates, IT administrators can ensure their environments remain secure and functional.

