Microsoft has released a fix for the LSASS memory leak issue that affects some domain controllers, making them freeze and restart after installing Windows Server updates.
According to Bleeping Computer, users reported memory leaks in LSASS.exe (Local Security Authority Subsystem Service) after installing the November 2022/Out of Band update on domain controllers.
Microsoft Immediately Acknowledged And Fixed The Issue
Microsoft Principal Product Manager David Fisher says that should users have patched their domain controllers last November, the December 13 security update will resolve the LSASS memory leak.
Local Security Authority Subsystem Service (LSASS) is a Windows process on an Active Directory domain controller responsible for user authentication, managing passwords, and creating access tokens.
LSASS enforces Windows security policies and handles user logins, and if it crashes, users lose access to their Windows account on the device they are using.
The Register details that LSASS is tasked to provide Active Directory database searches, authentication, and replication.
It authenticates and verifies users who wish to log onto a Windows system, making it a more crucial tool at a time when hackers are looking more closely at identification to access corporate networks.
The memory leak bug affecting the LSASS has reportedly infected Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and 2012 R2, Windows Server 2016, and Windows Server 2019.
Read More: Microsoft Fixes Bugs, Two Zero-Days With December Patch Tuesday Update
Microsoft Also Offers A Temporary Workaround
The issue was first detected in late November, around the time the tech giant added Windows updates to address authentication problems on domain controllers.
With this, Petri writes that the December 2022 Patch Tuesday should fix the LSASS issue, but in the meantime, Microsoft has provided possible workarounds for those without the patch yet.
The workaround requires admins to set the KrbtgtFullPacSignature registry key to 0, and edit the registry key to a higher value.
"Once you have installed the patch that resolves this known issue, you should either remove this value or set KrbtgtFullPacSignature to a higher setting depending on what your environment will allow," Microsoft says.
The company also recommends that users enable the Enforcement mode on their domain controllers, Bleeping Computer reports.
Microsoft says that more information an=bout the registry key can be found in the note on Windows Health Dashboard.
This is connected to problems with the November Patch Tuesday update affecting Windows Server's Kerberos network authentication protocol with the domain controller's management of network and identity security requests.
It can be remembered that in March, Microsoft fixed another bug leading to Windows Server domain controller restarts as the LSASS crashes.
Meanwhile, earlier this month, the company also rolled out a domain controller fix for those experiencing sign-in failures and other authentication problems.
In related news, Petri reports that Microsoft also released some updates to improve the quality of its Quick Assist app on Windows devices.
With this, a problem that stops some enterprise clients from downloading the app from the Microsoft Store should be partially resolved.
Related Article: Microsoft Ends Service for Multiple Windows 10 21H1 Editions Today