August updates can paralyze Windows Server 2019
Microsoft is investigating problems with the August updates for Windows Server 2019, which can paralyze them.
Problematic Windows update.
(Image: Erstellt durch KI mit Bing Designer von heise online / dmk)
The security updates for Windows Server from Microsoft's August Patchday can paralyze Windows Server 2019. Microsoft is continuing to investigate the problem and is offering temporary solutions.
IT managers may find that after applying the August security updates, their Windows Server 2019 may become sluggish, unresponsive and experience high processor load, particularly around cryptographic services, Microsoft discusses in the Windows Release Health notes. Microsoft has received reports from organizations that the issue could be observed when antivirus software is running on the devices that scan the %systemroot%\system32\catroot2 directory for Windows updates, due to a catalog enumeration error.
Limited scenarios affected
"Our investigations have so far shown that the problem is limited to a few specific scenarios," explains Microsoft. If your own IT landscape is affected, the following device behavior can be observed: Increased CPU utilization, increased drive latency and usage, indications of degraded operating system or app performance, or indication that the CryptSVC service could not start, boot into a black screen, slow startup, and frozen and hanging systems.
Since these scenarios are usually used in enterprise environments, it is unlikely that home users of Windows Home or Pro will observe this behavior.
Microsoft is initially addressing the problem with the Known Issues rollback mechanism, which can remove faulty updates or update components. For IT managers, the company also provides a special group policy for download in the Windows Release Health notes, which can be found under "Computer Configuration" – "Adminsitrative Templates" – "Windows 10 1809 and Windows Server 2019 KB5041578 240816_21501 Known Issue Rollback" after it has been installed. The GPOs are specialized for different Windows versions and require a restart to become active.
The developers are working on an automatic solution for upcoming Windows updates. It will then no longer be necessary to download and install the group policy. However, Microsoft has not yet announced when the solution will be available.
(dmk)