After installing KB5005076 on Windows Server 2012 R2 (or any of the cumulative security updates that follow it as they include this update), IIS application pools which are set to allow 32 bit mode begin to crash, writing BEX errors (Buffer Overflow Exception) to the event log, referencing either w3wp or regsvr32 as the faulting process.
In the beginning of troubleshooting, we used uninstalling this KB/security patch (or running all IIS pools in 64 bit mode) to fix the issue.
Faulting application name: w3wp.exe, version: 8.5.9600.16384, time stamp:
Faulting module name: ntdll.dll, version: 6.3.9600.20144, time stamp: Dx60eg12D8
Exception code: 0xc000005
Fault offset: 0x0002a8c0
Faulting application path: C:\Windows\SYSWOW64\inetsrv\w3wp.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
In this case, the root cause turned out to be a negative interaction between two separate detection/anti-malware utilities running on the servers. Their negative interaction only became apparent following this Windows Update, and was repaired by adding exceptions to each tool to avoid interference. The crash report generated by Windows allowed us to determine what libraries were being loaded by the crashing process. Evaluating this list led us to determine that both of these anti-malware components were using native API hooks and thus were both loaded by w3wp.exe.
We performed "process of elimination" debugging by disabling each anti-malware tool individually, the 32 bit applications hosted as normal when one or the other was running. Only when both were enabled did the 32 bit crashes begin again.
Sample subset of Crash Report (specific anti-malware DLL names are redacted):
Sig.Name=Fault Module Name
Sig.Name=Fault Module Version
Sig.Name=Fault Module Timestamp
UI=Check online for a solution (recommended)
UI=Check for a solution later (recommended)
UI=IIS Worker Process stopped working and was closed
UI=A problem caused the application to stop working
correctly. Windows will notify you if a solution is available.
AppName=IIS Worker Process