Microsoft is currently investigating a persistent issue related to the latest security update for Windows 11 PCs. The company has confirmed that the recent Defender update triggers a warning that the Local Security Authority (LSA) feature is disabled, and their device is vulnerable to cyberattacks.
Local Security Authority (LSA) is a Windows feature that helps to manage security operations and policies, including authentication, authorization, auditing, and password management. It’s a critical component of the Windows security architecture that ensures consistent enforcement of security policies across the system. The LSA feature is designed to protect users from unauthorized access and data breaches.
“After installing “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2302.21002)”, you might receive a security notification or warning stating that “Local Security protection is off. Your device may be vulnerable.” and once protections are enabled, your Windows device might persistently prompt that a restart is required,” Microsoft explained on the Windows Health Dashboard.
In a Reddit thread, many users complained that the KB5007651 update shows the LSA protection is off message and prompts to reboot the device. The restart notifications appear on PCs running Windows 11 versions 22H2 and 21H2.
“Basically a yellow triangle appeared on the Windows Security iron, a week ago. It says that Local Security Authority protection is off. Your device may be vulnerable. There is no option to turn the protection on in the Device Security panel, there is only “dismiss” option,” the post reads.
Microsoft has confirmed that it’s working on a fix, but it has not provided any workaround to address the problem on Windows 11 devices. However, the company suggests that users who have enabled the LSA protection feature and already restarted their devices can dismiss the notifications. Users can also check the Event Viewer to determine if LSA protection is enabled on their system.
Last month, Microsoft announced its plans to enable LSA protection by default on Windows 11. The company is already testing this change with the Windows 11 Insider Preview Build 25314 released to the Canary Channel.