Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Latest Windows Server Updates Cause LSASS Memory Leaks and Reboots on Domain Controllers

Key Takeaways:

Microsoft has acknowledged a new LSASS memory leak bug affecting Windows Server machines that could cause Domain Controllers (DCs) to crash.

The problem affects Windows Server versions 2012 R2, 2016, 2019, and 2022.

Microsoft engineers are working on a fix that will arrive as an update in an upcoming release.

Microsoft has confirmed a new issue that is currently plaguing Windows Server machines. The company detailed on the Windows Health Dashboard that the latest Patch Tuesday Update may cause Domain Controllers (DCs) to stop working or automatically restart.

Specifically, Microsoft has warned that customers installing the latest Windows Server updates could experience a memory leak vulnerability with the Local Security Authority Subsystem Service (LSASS). The bug could cause LSASS to crash or trigger unexpected reboots of the Domain Controllers. The LSASS memory leak issue affects Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022.

“Following installation of the March 2024 security update, released March 12, 2024 (KB5035857), Local Security Authority Subsystem Service (LSASS) may experience a memory leak on domain controllers (DCs). This is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests,” Microsoft explained.

What is Local Security Authority Subsystem Service (LSASS)?

The Local Security Authority Subsystem Service (LSASS) is a Windows process that is responsible for enforcing the security policy on the operating system. It manages authentication, authorization, credential management, security policy enforcement, security token generation, and other security-related functions. LSASS helps to prevent unauthorized access and ensures the confidentiality of sensitive data stored on Windows Server machines.

Microsoft says that its engineers are currently working on a fix that is expected to arrive in an upcoming update. In the meantime, the company advises administrators to uninstall the patches from affected Domain Controllers. It’s also recommended to monitor the memory usage of the Windows Server machines and reboot them periodically when needed.

by Rabia Noureen
Mar 22, 2024

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

What Is Windows Server?

Feb 22, 2024
Windows Server Backup: A Step-by-Step Guide

Jan 5, 2024
Mar 22, 2024
What Is Windows Admin Center? A Quick Overview

Mar 26, 2024
Apr 03, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.