Microsoft eliminated a well-known issue that has been causing problems with NTLM authentication failure and domain controller reboots after installing the April security updates for Windows Server.
This particular problem has only been affecting Windows domain controllers in organizations with high NTLM traffic and a low number of main domain controllers. After the installation of the April security updates, administrators observed increased system load and, in rare instances, the need to restore domain controllers due to LSASS service failures.
As part of the May Patch Tuesday updates, Microsoft rectified the error. The list of Windows versions and the corresponding updates includes:
- Windows Server 2022 (KB5037782);
- Windows Server 2019 (KB5037765);
- Windows Server 2016 (KB5037763);
- Windows Server 2012 R2 (KB5037823);
- Windows Server 2012 (KB5037778);
- Windows Server 2008 R2 (KB5037780);
- Windows Server 2008 SP2 (KB5037800).
For administrators who are unable to immediately install the updates, temporary measures can be taken by removing the problematic April updates. However, this will also result in the removal of all vulnerability fixes that were included in the updates.
Additionally, Microsoft addressed a zero-day vulnerability that was actively exploited to distribute Q