Another update victim: the cause of domain controller failures found

Microsoft is fixing bugs in its April updates that affected enterprise customers.

Microsoft fixed a known issue that caused NTLM authentication to fail and domain controllers to restart after installing the April security updates for Windows Server.

The issue only affected Windows domain controllers in organizations with a high volume of NTLM traffic and a small number of core domain controllers. After installing the April security updates for Windows Server, administrators noticed a high load on systems and, in rare cases, a reboot of domain controllers due to failures in the LSASS service.

Microsoft fixed the bug as part of the May Patch Tuesday release. The list of affected Windows versions and related updates includes:
  • Windows Server 2022 (KB5037782);
  • Windows Server 2019 (KB5037765);
  • Windows Server 2016 (KB5037763);
  • Windows Server 2012 R2 (KB5037823);
  • Windows Server 2012 (KB5037778);
  • Windows Server 2008 R2 (KB5037780);
  • Windows Server 2008 SP2 (KB5037800).

Administrators who are unable to install updates immediately can take temporary action by removing the problematic April updates. However, removing the updates will also remove all vulnerability fixes.

Microsoft also fixed a zero-day vulnerability that is actively used to distribute QakBot on Windows systems. Kaspersky Lab noted that the exploit for this vulnerability was used together with QakBot and other malicious programs. It is assumed that several groups have access to the exploit.
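
To check which domain controllers already carry the fix from the KB list above, here is an added audit sketch (not part of the original post and not Microsoft's code). The host names are hypothetical, and it assumes WinRM/CIM access to each server and that the OS caption contains the version string.

```powershell
# KB numbers are the ones listed in the post, keyed by the version string
# expected in the OS caption. Order matters: "2012 R2" and "2008 R2" must be
# tested before "2012" and "2008", or the wrong KB is selected.
$FixKbByOs = [ordered]@{
    '2022'    = 'KB5037782'
    '2019'    = 'KB5037765'
    '2016'    = 'KB5037763'
    '2012 R2' = 'KB5037823'
    '2012'    = 'KB5037778'
    '2008 R2' = 'KB5037780'
    '2008'    = 'KB5037800'
}

function Test-NtlmFixInstalled {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($dc in $ComputerName) {
        $row = [ordered]@{ Computer = $dc; OS = $null; FixKB = $null; Status = $null }
        try {
            $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $dc -ErrorAction Stop
            $row.OS = $os.Caption
            # First matching key wins, hence the ordered table above.
            $key = $FixKbByOs.Keys | Where-Object { $os.Caption -like "*Server*$_*" } |
                Select-Object -First 1
            if (-not $key) {
                $row.Status = 'NotInList'
            } else {
                $row.FixKB = $FixKbByOs[$key]
                $hit = Get-CimInstance -ClassName Win32_QuickFixEngineering -ComputerName $dc `
                    -Filter "HotFixID='$($row.FixKB)'" -ErrorAction Stop
                # FixNotFound needs a manual look: a later cumulative update
                # may have replaced the May package while still carrying the fix.
                $row.Status = if ($hit) { 'FixInstalled' } else { 'FixNotFound' }
            }
        } catch {
            $row.Status = "Unreachable: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

# Hypothetical host names; replace with your own domain controllers.
Test-NtlmFixInstalled -ComputerName 'dc01.example.test', 'dc02.example.test' |
    Format-Table -AutoSize
```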