Microsoft releases emergency fix for Windows Server crashes

8 months ago 62
BOOK THIS SPACE FOR AD
ARTICLE AD

Windows Server

Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates.

As reported by BleepingComputer on Wednesday, many system administrators have warned since this month's Patch Tuesday that servers are unexpectedly freezing and restarting due to a memory leak in the Local Security Authority Subsystem Service (LSASS) process.

"Our symptoms were ballooning memory usage on the lsass.exe process after installing KB5035855 (Server 2016) and KB5035857 (Server 2022) to the point that all physical and virtual memory was consumed and the machine hung," a Windows admin told BleepingComputer.

"Since installation of the march updates (Exchange as well as regular Windows Server updates) most of our DCs show constantly increasing lsass memory usage (until they die)," another admin said.

Redmond publicly acknowledged this issue after BleepingComputer reached out for more details, saying it affects all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates.

Today, Microsoft released the following emergency Windows Server cumulative updates that should fix the LSASS memory leak and prevent impacted servers from crashing and restarting:

KB5037422 (Windows Server 2022) KB5037423 (Windows Server 2016)

"This update addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs)," the company explains.

"The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it."

To fix this known issue, admins must download the OOB updates from the Microsoft Update Catalog and install them on affected domain controllers.

If you installed previous Windows Server updates, only the new updates in these packages will be downloaded and installed. Microsoft has not reported any known issues with these emergency updates.

Microsoft resolved other Windows Server crash issues in December 2022 after the November 2022 updates introduced another leak and in March 2022 when admins again reported widespread domain controller reboots.

Read Entire Article