Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Rolls Out Fix for LSASS Memory Leak Bug Affecting Windows Server

Microsoft has released a fix for a memory leak bug in LSASS that could have caused some domain controllers to automatically restart or stop working. The company first acknowledged the issue following the release of the November 2022 Patch Tuesday updates last month.

Local Security Authority Subsystem Service (LSASS) is a Windows process on an Active Directory domain controller that allows IT admins to enforce the security policy on Windows PCs. LSASS is responsible for user authentication, managing password changes, and creating access tokens.

LSASS is an important tool that helps to prevent threat actors from accessing enterprise networks. Microsoft explained that the LSASS memory leak bug might cause operational failures as well as performance and reliability issues. The problem affects Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and 2012 R2, Windows Server 2016, as well as Windows Server 2019.

Install December Patch Tuesday updates to fix Windows Server LSASS memory leaks

The December 2022 Patch Tuesday updates should address the LSASS memory leak problem on Windows Server machines. Meanwhile, Microsoft has provided a workaround for admins who have yet to patch their domain controllers. It requires IT Pros to open Command Prompt as administrator to set the registry key KrbtgtFullPacSignature to “0” by running the following command:

reg add “HKLM\System\CurrentControlSet\services\KDC” -v “KrbtgtFullPacSignature” -d 0 -t REG_DWORD

“Once you have installed the patch that resolves this known issue, you should either remove this value or set KrbtgtFullPacSignature to a higher setting depending on what your environment will allow. It is recommended to enable Enforcement mode as soon as your environment is ready,” Microsoft said yesterday.

In related news, Microsoft has also released some updates to enhance the Quick Assist app on Windows devices. The new bits should help to address an issue that prevents some enterprise customers from downloading the app from the Microsoft Store.

by Rabia Noureen
Dec 14, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

What Is Windows Server?

Feb 22, 2024
Windows Server Backup: A Step-by-Step Guide

Jan 5, 2024
Mar 22, 2024
What Is an Access Control List (ACL)?

Feb 19, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.