May 14, 2024 at 03:15PM
Microsoft has resolved an issue causing NTLM authentication failures and domain controller reboots after April’s Windows Server security updates. The problem affects domain controllers with high NTLM traffic and few primary DCs. The fix is included in the May 2024 cumulative updates. Admins unable to install the latest updates can temporarily remove the problematic April updates, but this also removes security fixes.
From the meeting notes, the main takeaways are:
– Microsoft has fixed a known issue causing NTLM authentication failures and domain controller reboots after installing the April 2024 Windows Server security updates.
– The issue affects Windows domain controllers with a lot of NTLM traffic and few primary DCs, leading to high load and, in rare cases, domain controller reboots.
– Admins may notice a significant increase in NTLM authentication traffic after installing the April 2024 security update on domain controllers in environments with a small percentage of primary DCs and high NTLM traffic.
– The known issue has been resolved in Windows Server cumulative updates released during the May 2024 Patch Tuesday, including updates for impacted Windows versions.
– Admins who cannot immediately install the May updates can temporarily work around the issues by removing the problematic April updates. However, this will also remove security fixes for patched vulnerabilities included in the Patch Tuesday cumulative update.
– Microsoft also fixed a zero-day bug exploited in the wild to deploy QakBot and other malware onto vulnerable Windows systems.