Operational Defect Database
BugZero found this defect 64 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Microsoft Windows Server | WI748850
Issue with Kerberos requests on domain controllers may cause LSASS memory leaks
Last update date:
3/22/2024
Affected products:
Windows Server 2022
Windows Server 2019
Windows Server 2016
Windows Server 2012 R2
Affected releases:
all
Fixed releases:
Description:
Updates History
Published: 2024-03-22T22:07:51.767+00:00 ---------------------------------------- Following installation of the March 2024 security update, released March 12, 2024 (KB5035885 (https://support.microsoft.com/help/5035885)), Local Security Authority Subsystem Service (LSASS) may experience a memory leak on domain controllers (DCs). This is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests. Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers (DCs). Note: This issue does not occur on Home devices. It affects only environments in organizations using some Windows Server platforms. Resolution: This issue was resolved in the out-of-band (OOB) update KB5037426 (https://support.microsoft.com/help/5037426), which is only available via the Microsoft Update Catalog (https://catalog.update.microsoft.com/). We strongly recommend you do not apply the March 2024 security update on DCs and install KB5037426 (https://support.microsoft.com/help/5037426) instead. As this is a cumulative update, you do not need to apply any previous update before installing KB5037426 (https://support.microsoft.com/help/5037426). To install this update, search for KB5037426 (https://support.microsoft.com/help/5037426) in the Microsoft Update Catalog. The OOB update can then be manually imported to Windows Server Update Services (WSUS) and Configuration Manager. For guidance, see WSUS and the Microsoft Update Catalog (https://learn.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site#the-microsoft-update-catalog-site). If you manage update catalogs in Configuration Manager (https://learn.microsoft.com/mem/configmgr/sum/tools/updates-publisher-catalogs), please check the section Import updates (https://learn.microsoft.com/mem/configmgr/sum/tools/updates-publisher-catalogs#import-updates). If you with you work with software update synchronization in Configuration Manager (https://learn.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates), review the steps on Import updates from the Microsoft Update Catalog (https://learn.microsoft.com/mem/configmgr/sum/get-started/synchronize-software-updates#import-updates-from-the-microsoft-update-catalog). For more information about the Microsoft Update Catalog, visit Microsoft Update Catalog - FAQs (https://catalog.update.microsoft.com/Faq.aspx). Important: This update (KB5037426 (https://support.microsoft.com/help/5037426)) is not available from Windows Update and will not install automatically. Affected platforms: - Client: None - Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2 Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences)to manage email notifications for Windows known issues. Published: 2024-03-21T02:43:46.607+00:00 ---------------------------------------- Following installation of the March 2024 security update, released March 12, 2024 (KB5035885 (https://support.microsoft.com/help/5035885)), Local Security Authority Subsystem Service (LSASS) may experience a memory leak on domain controllers (DCs). This is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests. Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers (DCs). Note: This issue does not occur on Home devices. It affects only environments in organizations using some Windows Server platforms. Next steps: The root cause has been identified and we are working on a resolution that will be released in the coming days. This text will be updated as soon as the resolution is available. Affected platforms: - Client: None - Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2 Published: 2024-03-21T02:01:44.017+00:00 ---------------------------------------- Following installation of the March 2024 security update, released March 12, 2024 (KB5035885 (https://support.microsoft.com/help/5035885)), Local Security Authority Subsystem Service (LSASS) may experience a memory leak on domain controllers (DCs). This is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests. Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers (DCs). Note: This issue does not occur on Home devices. It affects only environments in organizations using some Windows Server platforms. Next steps: The root cause has been identified and we are working on a resolution that will be released in the coming days. This text will be updated as soon as the resolution is available. Affected platforms: - Client: None - Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2
Impact
This issue affects on-premises and cloud-based Active Directory DCs after installing the March 2024 security update
Originating KB URL
https://support.microsoft.com/en-us/topic/5035885
Originating KB Release Date
2024-03-12T10:00:00-07:00
Originating Build
N/A
Resolved KB URL
https://support.microsoft.com/en-us/topic/5037426
Date Resolved
2024-03-22T14:30:00-07:00
