Operational Defect Database
BugZero found this defect 705 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Microsoft Windows Server | WI409395
Performance might be affected when authenticated network operation take place
Last update date:
9/13/2022
Affected products:
Affected releases:
Fixed releases:
Description:
Impact: LSASS might experience a token leak which impacts application and OS performance. Originating KB URL: https://support.microsoft.com/en-us/topic/5014697 Originating KB Release Date: 2022-06-14T10:00:00-07:00 Originating Build: 22000.739 Resolved KB URL: https://support.microsoft.com/en-us/topic/5016691 Date Resolved: 2022-08-23T14:00:00-07:00 Vendor Message History: ======================= Published: 2022-09-13T21:56:47.5+00:00 ---------------------------------------- The Windows Local Security Authority Subsystem Service, known as LSASS (https://docs.microsoft.com/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection), might experience a token leak that increases with system up-time after installing Windows Updates released on or after June 14, 2022 (KB5014697 (https://support.microsoft.com/help/5014697)). These updates contain important protections for CVE-2022-30166 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30166). The issue occurs on devices that perform a specific form of Service for User (S4U) (https://docs.microsoft.com/openspecs/windows_protocols/ms-sfu/4a21fe32-a7d8-4eac-950e-86ee1dbc16e8) authentication in a non-Trusted Computing Base (TCB) Windows service running a Network Service. The rate of the leak depends on application workload and might impact application and OS performance or reliability in extreme cases. Home users are not expected to encounter this issue. Workaround: Devices experiencing this issue can temporarily alleviate performance loss by restarting Windows. Resolution: This issue was resolved in updates released August 25, 2022 (KB5016691 (https://support.microsoft.com/help/5016691)) and later. We recommend you install the latest security update for your device. Affected platforms: - Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1809; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1 - Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1809; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 SP2 Published: 2022-08-12T02:23:53.873+00:00 ---------------------------------------- The Windows Local Security Authority Subsystem Service, known as LSASS (https://docs.microsoft.com/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection), might experience a token leak that increases with system up-time after installing Windows Updates released on or after June 14, 2022 (KB5014697 (https://support.microsoft.com/help/5014697)). These updates contain important protections for CVE-2022-30166 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30166). The issue occurs on devices that perform a specific form of Service for User (S4U) (https://docs.microsoft.com/openspecs/windows_protocols/ms-sfu/4a21fe32-a7d8-4eac-950e-86ee1dbc16e8) authentication in a non-Trusted Computing Base (TCB) Windows service running a Network Service. The rate of the leak depends on application workload and might impact application and OS performance or reliability in extreme cases. Home users are not expected to encounter this issue. Workaround: Devices experiencing this issue can temporarily alleviate performance loss by restarting Windows. Next steps: Root cause for this issue has been identified and will be resolved in a future Windows Update. We will provide an update when more information is available. Affected platforms: - Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1809; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1 - Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1809; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 SP2 Published: 2022-08-12T01:56:36.57+00:00 ---------------------------------------- The Windows Local Security Authority Subsystem Service, known as LSASS (https://docs.microsoft.com/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection), might experience a token leak that increases with system up-time after installing Windows Updates released on or after June 14, 2022 (KB5014697 (https://support.microsoft.com/help/5014697)). These updates contain important protections for CVE-2022-30166 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30166). The issue occurs on devices that perform a specific form of Service for User (S4U) (https://docs.microsoft.com/openspecs/windows_protocols/ms-sfu/4a21fe32-a7d8-4eac-950e-86ee1dbc16e8) authentication in a non-Trusted Computing Base (TCB) Windows service running a Network Service. The rate of the leak depends on application workload and might impact application and OS performance or reliability in extreme cases. Home users are not expected to encounter this issue. Workaround: Devices experiencing this issue can temporarily alleviate performance loss by restarting Windows. Resolution: This issue was resolved in updates released August 9, 2022 (KB5016629 (https://support.microsoft.com/help/5016629)) and later. We recommend you install the latest security update for your device. Affected platforms: - Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1809; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1 - Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1809; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 SP2 Published: 2022-08-04T23:56:25.313+00:00 ---------------------------------------- The Windows Local Security Authority Subsystem Service, known as LSASS (https://docs.microsoft.com/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection), might experience a token leak that increases with system up-time after installing Windows Updates released on or after June 14, 2022 (KB5014697 (https://support.microsoft.com/help/5014697)). These updates contain important protections for CVE-2022-30166 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30166). The issue occurs on devices that perform a specific form of Service for User (S4U) (https://docs.microsoft.com/openspecs/windows_protocols/ms-sfu/4a21fe32-a7d8-4eac-950e-86ee1dbc16e8) authentication in a non-Trusted Computing Base (TCB) Windows service running a Network Service. The rate of the leak depends on application workload and might impact application and OS performance or reliability in extreme cases. Home users are not expected to encounter this issue. Workaround: Devices experiencing this issue can temporarily alleviate performance loss by restarting Windows. Next steps: Root cause for this issue has been identified and will be resolved in a future Windows Update. We will provide an update when more information is available. Affected platforms: - Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1809; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1 - Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1809; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 SP2 Published: 2022-08-04T23:22:06.13+00:00 ---------------------------------------- The Windows Local Security Authority Subsystem Service, known as LSASS (https://docs.microsoft.com/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection), might experience a token leak that increases with system up-time after installing Windows Updates released on or after June 14, 2022 (KB5014697 (https://support.microsoft.com/help/5014697)). These updates contain important protections for CVE-2022-30166 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30166). The issue occurs on devices that perform a specific form of Service for User (S4U) (https://docs.microsoft.com/openspecs/windows_protocols/ms-sfu/4a21fe32-a7d8-4eac-950e-86ee1dbc16e8) authentication in a non-Trusted Computing Base (TCB) Windows service running a Network Service. The rate of the leak depends on application workload and can impact application and OS performance or reliability in extreme cases. Home users are not expected to encounter this issue. Workaround: Devices experiencing this issue may temporarily alleviate performance loss by restarting Windows. Next steps: Root cause for this issue has been identified and will be resolved in a future Windows Update. We will provide an update when more information is available. Affected platforms: - Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1809; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB; Windows 8.1; Windows 7 SP1 - Server: Windows Server 2022; Windows Server, version 20H2; Windows Server, version 1809; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 SP2
