Microsoft confirms spike in NTLM authentication traffic after Windows Server patch

02-May-24

Microsoft’s April 2024 security update blues continue with confirmation of a “significant increase” in NTLM authentication traffic in Windows Server.The issue is caused by installing the update (KB5036909) on domain controllers. NTLM traffic might then suddenly spike.The problem comes hot on the heels of VPN connection failures in the same update.According to Microsoft’s release health dashboard: “This issue is likely to affect organizations that have a very small percentage of primary domain controllers in their environment and high NTLM traffic.”

Read More…