If you’re a Windows administrator, you might want to hold off on installing the latest March 2024 Windows Server updates. Widespread reports have surfaced of domain controllers crashing and restarting after applying these updates, causing headaches for IT professionals and disruptions for businesses.
The Culprit: LSASS Memory Leak
The root of the problem appears to be a memory leak in the Local Security Authority Subsystem Service (LSASS), a critical Windows service responsible for enforcing security policies and handling user authentication. The memory leak was introduced with the March 2024 cumulative updates for Windows Server 2016 (KB5035855) and Windows Server 2022 (KB5035857).
Admins have reported that after installing these updates, the LSASS process on their domain controllers starts consuming more and more memory until the servers eventually freeze and reboot. One admin described their experience: “Since installation of the March updates (Exchange as well as regular Windows Server updates) most of our DCs show constantly increasing lsass memory usage (until they die).”
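To check a domain controller for the symptom described above, the following PowerShell script (an added example, not from Microsoft or the original article) looks for the two KBs named here and measures lsass.exe private memory growth over a sampling window. The sample count, interval and growth threshold are assumed illustrative values.

```powershell
# Added example, not from the article or Microsoft. Run on a domain controller
# in an elevated session. Sample count, interval and threshold are assumed
# illustrative values, not vendor guidance.
param(
    [ValidateRange(2, 1000)][int]$Samples = 6,
    [ValidateRange(1, 86400)][int]$IntervalSeconds = 300,
    [double]$GrowthThresholdMBPerHour = 50
)

# KB numbers as given in the article (Server 2016 and Server 2022).
$affectedKbs = 'KB5035855', 'KB5035857'

# Get-HotFix raises an error for a KB that is absent, so suppress it and
# treat an empty result as "not installed".
$installed = @(Get-HotFix -Id $affectedKbs -ErrorAction SilentlyContinue)

# Sample lsass.exe private bytes; a leak shows as steady growth, not a spike.
$readings = for ($i = 0; $i -lt $Samples; $i++) {
    $p = Get-Process -Name lsass -ErrorAction Stop
    [pscustomobject]@{
        Time      = Get-Date
        PrivateMB = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
    }
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
}

# Growth rate across the window, and whether every sample rose or held.
$hours = ($readings[-1].Time - $readings[0].Time).TotalHours
$rate  = ($readings[-1].PrivateMB - $readings[0].PrivateMB) / $hours
$monotonic = $true
for ($i = 1; $i -lt $readings.Count; $i++) {
    if ($readings[$i].PrivateMB -lt $readings[$i - 1].PrivateMB) { $monotonic = $false }
}

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    AffectedKbs     = $installed.HotFixID -join ','
    LsassStartMB    = $readings[0].PrivateMB
    LsassEndMB      = $readings[-1].PrivateMB
    GrowthMBPerHour = [math]::Round($rate, 1)
    SteadyGrowth    = $monotonic
    LeakSuspected   = ($installed.Count -gt 0) -and $monotonic -and
                      ($rate -ge $GrowthThresholdMBPerHour)
}
```

A short window only shows a trend; normal authentication load also moves lsass.exe memory, so compare the result against a baseline from a domain controller without these updates.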
The Impact: Outages and Frustration
The consequences of this issue have been severe for some organizations. Another admin shared, “We’ve had issues with lsass.exe on domain controllers (2016 core, 2022 with DE and 2022 core domain controllers) leaking memory as well. To the point all domain controllers crashed over the weekend and caused an outage.”
The unexpected crashes and reboots have left many admins frustrated and seeking answers from Microsoft. “The Support rep says they expect official comms to be announced from Microsoft soon,” one admin told BleepingComputer.
The Fix: Emergency Out-of-Band (OOB) Updates
Microsoft has issued out-of-band updates for Windows Server to resolve the issue. The updates are available for immediate installation, with the exception of the update for Windows Server 2019, which is expected to be released soon.
Admins responsible for maintaining Windows Server environments should take immediate action to resolve the LSASS memory leak issue by downloading and deploying the out-of-band updates from the Microsoft Update Catalog. The updates should be applied to all impacted domain controllers to prevent further crashes and ensure system stability.
For servers that have already received the previous Windows Server updates, the installation process will only download and apply the new fixes included in these emergency packages, minimizing the impact on the system. As of now, Microsoft has not disclosed any identified problems or complications associated with the implementation of these critical updates.