Microsoft: August updates cause Windows Server boot issues, freezes

Microsoft has taken significant steps to address a performance-related issue that emerged following the installation of the August 2024 security updates on Windows Server 2019 systems. This concern was brought to light after numerous reports from Windows administrators indicated that their servers were experiencing severe slowdowns, boot complications, and freezes after applying the KB5041578 cumulative update.

In a statement released on Wednesday, Microsoft acknowledged the challenges faced by users, noting that certain Windows Server 2019 devices might exhibit symptoms such as system sluggishness, unresponsiveness, and elevated CPU usage, particularly linked to Cryptographic Services. The company specified that a limited number of organizations had identified the issue as being exacerbated by antivirus software that conducts scans on the ‘%systemroot%system32catroot2’ folder, which is integral to Windows updates.

While Microsoft did not specify the antivirus software involved, many affected administrators have pointed to the Antimalware Service Executable, a component of Windows Defender, as a potential culprit. The symptoms reported by impacted IT environments include:

  • Increased CPU utilization
  • Heightened disk latency and utilization
  • Degraded performance of the operating system or applications
  • Failures in starting the Cryptographic Services (CryptSVC)
  • Instances of booting into a black screen
  • Slow boot times
  • Freezing or hanging of the system

Interestingly, users of Home or Pro editions of Windows are less likely to encounter this issue, as the triggering scenario tends to be more prevalent in enterprise settings.

​Fixed via Known Issue Rollback

To remedy this widespread issue, Microsoft has implemented a Known Issue Rollback (KIR), a feature designed to reverse problematic non-security updates delivered through Windows Update. For Windows admins managing affected enterprise devices, the resolution involves installing and configuring the Windows 10 1809 and Windows Server 2019 KB5041578 240816_21501 Known Issue Rollback Group Policy.

After installation, this Group Policy can be located under Computer Configuration > Administrative Templates. To deploy the KIR, administrators should access the Local Computer Policy or the Domain policy on the domain controller via the Group Policy Editor, selecting the appropriate Windows version for targeting. A restart of the affected device(s) will be necessary to apply the new group policy settings.

For further assistance with deploying and configuring KIR Group Policies, Microsoft has provided detailed guidance on its support website. The company reassured users that once the update containing the resolution is released, organizations will not need to manually install or configure this Group Policy to rectify the issue.

Additionally, this week, Microsoft confirmed another complication arising from the August 2024 Windows security updates, noting that they are causing boot failures on Linux systems configured for dual-boot with Secure Boot enabled.

Winsage
Microsoft: August updates cause Windows Server boot issues, freezes