Microsoft has confirmed that final month’s Home windows Server safety updates may trigger area controller reboots after the Native Safety Authority Subsystem Service (LSASS) course of crashes.
LSASS is a Home windows service that handles safety insurance policies, consumer logins, entry token creation, and password modifications.
The checklist of impacted Home windows variations and buggy safety updates contains Home windows Server 2022 (KB5036909), Home windows Server 2019 (KB5036896), Home windows Server 2016 (KB5036899), Home windows Server 2012 R2 (KB5036960), Home windows Server 2012 (KB5036969), Home windows Server 2008 R2 (KB5036967), and Home windows Server 2008 (KB5036932).
“In rare instances, Windows Servers running the Domain Controller (DC) role might experience Local Security Authority Subsystem Service (LSASS) crashes resulting in a reboot,” Microsoft explains in a brand new replace added to the Home windows launch well being dashboard.
Microsoft launched emergency out-of-band (OOB) updates to resolve different Home windows Server crash points brought on by LSASS reminiscence leaks after putting in the March 2024 Home windows Server safety updates.
The corporate addressed different LSASS crash points in December 2022 and March 2022 after widespread admin stories of area controller reboots.
NTLM auth failures and VPN points
As beforehand acknowledged by Microsoft, the April 2024 Home windows safety updates are additionally inflicting NTLM authentication failures and excessive load on impacted area controllers.
Moreover, customers throughout consumer and server Home windows platforms are additionally being impacted by VPN connection failures.
Whereas Redmond has but to supply data on the foundation trigger and remains to be engaged on a repair, small and huge enterprise clients are suggested to succeed in out via the “Help for Enterprise” portal and residential customers to make use of the Home windows Get Assist app in the event that they want assist.
At present, there isn’t any official workaround on affected programs till Microsoft releases a repair. Nevertheless, you’ll be able to nonetheless briefly repair these recognized points by uninstalling the safety problematic updates.
“To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages,” Microsoft says.
Nevertheless, it is also vital to notice that Redmond additionally contains safety fixes within the Patch Tuesday cumulative replace; therefore, eradicating the April 2024 updates to resolve the area controller, NTLM, and VPN points may even wipe all fixes for patched safety vulnerabilities.
