Microsoft Rolls Out Fix for LSASS Memory Leak Bug Affecting Windows Server


Microsoft has released a fix for a memory leak bug in LSASS that could have caused some domain controllers to automatically restart or stop working. The company first acknowledged the issue following the release of the November 2022 Patch Tuesday updates last month.

Local Security Authority Subsystem Service (LSASS) is a Windows process on an Active Directory domain controller that allows IT admins to enforce the security policy on Windows PCs. LSASS is responsible for user authentication, managing password changes, and creating access tokens.

LSASS is an important tool that helps to prevent threat actors from accessing enterprise networks. Microsoft explained that the LSASS memory leak bug might cause operational failures as well as performance and reliability issues. The problem affects Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and 2012 R2, Windows Server 2016, as well as Windows Server 2019.

Install December Patch Tuesday updates to fix Windows Server LSASS memory leaks

The December 2022 Patch Tuesday updates should address the LSASS memory leak problem on Windows Server machines. Meanwhile, Microsoft has provided a workaround for admins who have yet to patch their domain controllers. It requires IT Pros to open Command Prompt as administrator and set the KrbtgtFullPacSignature registry value under the KDC service key to 0 by running the following command:

reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD

“Once you have installed the patch that resolves this known issue, you should either remove this value or set KrbtgtFullPacSignature to a higher setting depending on what your environment will allow. It is recommended to enable Enforcement mode as soon as your environment is ready,” Microsoft said yesterday.
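Because the workaround is meant to be temporary, it helps to check which domain controllers still carry it once the fix is installed. The script below is an added example, not Microsoft's own tooling: it reads the value on each named machine and can remove it on request. The parameter names and state labels are hypothetical, and remote checks assume PowerShell remoting is enabled on the target domain controllers.

```powershell
# Added example: audit (and optionally clear) the KrbtgtFullPacSignature workaround.
# Assumption: run elevated; remote targets have PowerShell remoting (WinRM) enabled.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [switch]$RemoveWorkaround   # use only after the fixing update is installed
)

$check = {
    param([bool]$Remove)

    $path = 'HKLM:\System\CurrentControlSet\services\KDC'
    $name = 'KrbtgtFullPacSignature'

    # Returns $null when the value (or the key) does not exist.
    $prop  = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $value = $null
    if ($null -eq $prop) {
        $state = 'NotSet'              # value absent: workaround not in place
    } else {
        $value = $prop.$name
        if ($value -eq 0) { $state = 'WorkaroundActive' }   # the 0 set by the reg add command
        else              { $state = 'HigherSetting' }      # already raised above 0
    }

    $removed = $false
    if ($Remove -and $state -eq 'WorkaroundActive') {
        # Microsoft's guidance: remove the value or raise it once the patch is installed.
        Remove-ItemProperty -Path $path -Name $name
        $removed = $true
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Value    = $value
        State    = $state
        Removed  = $removed
    }
}

foreach ($computer in $ComputerName) {
    if ($computer -eq $env:COMPUTERNAME) {
        & $check $RemoveWorkaround.IsPresent
    } else {
        Invoke-Command -ComputerName $computer -ScriptBlock $check `
            -ArgumentList $RemoveWorkaround.IsPresent
    }
}
```

Run it without `-RemoveWorkaround` first to get a read-only report; any machine reporting `WorkaroundActive` after patching still has the value set to 0.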

In related news, Microsoft has also released some updates to enhance the Quick Assist app on Windows devices. The new bits should help to address an issue that prevents some enterprise customers from downloading the app from the Microsoft Store.