Microsoft has confirmed new issues in KB5036909 for Windows Server 2022 that could cause a surge in NTLM traffic and even lead to LSASS crashes, which could reboot your system automatically. To fix issues with KB5036909, you can run DISM /online /get-packages and manually remove the package.
Windows April 2024 security updates have been rough for everyone, including consumers and businesses. Windows Latest has already flagged as many as three critical issues in the April 2024 Patch, and the fourth new bug has been spotted in Windows Server 2022
Microsoft warned about the issues in its latest update on the KB5036909 announcement page. You might notice an abrupt blowup in NTLM authentication traffic if you are an administrator. For those unaware, it is an authentication protocol to verify the user’s identity to establish a connection.
NTLM is a legacy protocol that’s not as heavily used as Kerberos but was mangled by April’s security update. In addition to the NTLM traffic surge, Microsoft informed that Windows Server PCs acting as a Domain Controller could encounter a service crash issue.
The abrupt crash of the Local Security Authority Subsystem Service (LSASS) can force your PC to reboot. This problem exists in Windows Server 2022 and affects all older editions, including Windows Server 2008.
Here’s a full list of affected Windows edditions:
- Windows Server 2022 (KB5036909)
- Windows Server 2019 (KB5036896)
- Windows Server 2016 (KB5036899)
- Windows Server 2012 R2 (KB5036960)
- Windows Server 2012 (KB5036969)
- Windows Server 2008 R2 (KB5036967)
- Windows Server 2008 (KB5036932).
If you are looking for a resolution, you must wait until Microsoft rolls out a patch. As always, you can choose to uninstall the update via PowerShell.
Windows Server is also plagued with two other issues in the April 2024 update.
Profile Photo and VPN connection errors
You might encounter an error if you try changing the profile photo on your Windows Server PC. The selected image is often applied as the new profile picture and the 0x80070520 error appears after that.
It warns that the profile picture couldn’t be saved, which is incorrect.
On Windows 11 consumer editions, the problem is associated with a local account, as confirmed by our tests in another post.
VPN software might fail to connect, making using the PC in a secure environment challenging. Both these issues remain unresolved, and it’s been almost a month since the update went live.
A few weeks back, Microsoft accidentally installed Copilot app on Windows Server PCs with an update for the Edge browser. Unlike consumer editions, Copilot isn’t available for Windows Server.
However, Microsoft took cognizance of the incident and removed the app with a new update for the Edge.