Earlier this month, Microsoft confirmed that a Windows Server update KB5036909 was buggy, leading to NTLM traffic spikes in Domain Controllers (DCs). The tech giant later added that in some instances, LSASS crashes were also happening, leading to a system reboot.
With the latest Windows Server Patch Tuesday update, Microsoft has resolved this issue. It notes on the Windows Health Dashboard website:
Resolution: This issue was resolved by Windows updates released May 14, 2024 (KB5037782), and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one.
The resolution has also been listed in the highlights of KB5037782. However, there is no mention specifically of the LSASS crashes so that may or may not be resolved:
This update addresses a known issue that might affect domain controllers (DC). NTLM authentication traffic might increase.
The full list of improvements in the KB5037782 Server update is given below:
This update addresses a known issue that might affect domain controllers (DC). NTLM authentication traffic might increase.
This update addresses an issue that affects IE mode. A webpage stops working as expected when there is an open modal dialog.
This update addresses an issue in that affects IE mode. It stops responding. This occurs if you press the left arrow key when an empty text box has focus and caret browsing is on.
This update addresses an issue that affects Wi-Fi Protected Access 3 (WPA3) in the Group Policy editor. HTML preview rendering fails.
This update addresses an issue that affects a server after you remove it from a domain. The Get-LocalGroupMember cmdlet returns an exception. This occurs if the local groups contain domain members.
This update affects next secure record 3 (NSEC3) validation in a recursive resolver. Its limit is now 1,000 computations. One computation is equal to the validation of one label with one iteration. DNS Server Administrators can change the default number of computations. To do this, use the registry setting below.
Name: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\MaxComputationForNsec3Validation
Type: DWORD
Default: 1000
Max: 9600
Min: 1
This update addresses an issue that affects a network. An error occurs when credentials expire.
This update addresses an issue that occurs when you use LoadImage() to loada top-down bitmap. If the bitmap has a negative height, the image does not load, and the function returns NULL.
This update includes quarterly changes to the Windows Kernel Vulnerable Driver Blocklist file, DriverSiPolicy.p7b. It adds to the list of drivers that are at risk for Bring Your Own Vulnerable Driver (BYOVD) attacks.
This update addresses an issue that affects a workstation that is not in a domain. When you connect from it to a share and use an IPV6 address, you get the error, “ERROR_BAD_NET_NAME.”
This update addresses a known issue that might cause your VPN connection to fail. This occurs after you install the update dated April 9, 2024, or later.
This update addresses an issue that might affect Virtual Secure Mode (VSM) scenarios. They might fail. These scenarios include VPN, Windows Hello, Credential Guard, and Key Guard.
This update addresses an issue that affects Group Policy Folder Redirection in a multi-forest deployment. The issue stops you from choosing a group account from the target domain. Because of this, you cannot apply advanced folder redirection settings to that domain. This issue occurs when the target domain has a one-way trust with the domain of the admin user. This issue affects all Enhanced Security Admin Environment (ESAE), Hardened Forests (HF) or Privileged Access Management (PAM) deployments.
You can view the support article on this page on Microsoft's website.
0 Comments - Add comment