Microsoft Rushes Emergency Updates To Address Windows Server Crashes

Problems caused by latest Patch Tuesday update

Microsoft has rolled out emergency out-of-band (OOB) security updates to address a critical memory leak issue affecting select versions of Windows Server domain controllers (DCs), causing servers to freeze and restart.

The emergency updates follow numerous warnings from system administrators over the past week, who reported that their servers were freezing and restarting unexpectedly since installation of the updates released by Microsoft earlier this month.

One system admin told Bleeping Computer that following the installation of the March updates, encompassing both Exchange and standard Windows Server updates, a majority of their DCs exhibited a continuous rise in Local Security Authority Subsystem Service (LSASS) memory usage until the systems eventually crashed.

Another admin said: "Our symptoms were ballooning memory usage on the lsass.exe process after installing KB5035855 (Server 2016) and KB5035857 (Server 2022) to the point that all physical and virtual memory was consumed and the machine hung."

Microsoft officially acknowledged the issue, stating that it affected all DC servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates.

The company said only enterprise systems using the affected Windows Server platform need apply the updates; home users remain unaffected.

According to Microsoft, the problem arises following the installation of the security update (KB5035857), released on 12 March 2024.

The company said the LSASS process may experience a memory leak when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests, which could ultimately lead to crashes and unscheduled reboots.

"We identified this issue in the LSASS component and recognized the need to push out a fix as quickly as possible to protect customers running domain controllers on affected Windows Server versions," said Aria Carricarte, partner director of the Microsoft Security Response Center.

"These out-of-band updates were expedited to get the patch in the hands of IT admins before the start of the new work week."

The newly released out-of-band updates are cumulative, and supersede any previous cumulative updates rolled out for the impacted operating systems.

Currently, patches are accessible for Windows Server 2022 (KB5037422), Windows Server 2016 (KB5037423), and Windows Server 2012 R2 (KB5037426) via the Microsoft Update Catalog. An update for Windows Server 2019 is anticipated shortly.

Microsoft urges all IT admins to promptly review the provided Knowledge Base articles and deploy the relevant out-of-band updates on their domain controllers.

"If your organization uses the affected server platforms as DCs and you haven't deployed the March 2024 security update yet, we recommend you apply this OOB update instead."

The incident isn't the first time Microsoft has grappled with LSASS-related issues.

In December 2022, Microsoft addressed another instance of an LSASS memory leak impacting DCs. Following the installation of Windows Server updates released during November 2022's Patch Tuesday, affected servers experienced freezing and subsequent restarts.

A similar issue was resolved by the company in March 2022.

This article originally appeared on our sister site Computing.
