Active Directory

Issue with Kerberos requests on domain controllers may cause LSASS memory leaks

Last Updated: March 24, 2024
0 47
Issue with Kerberos requests on domain controllers may cause LSASS memory leaks

After installing the March 12, 2024, security updates, a memory leak may occur in the Local Security Authority Subsystem Service (LSASS) on domain controllers (DCs). This issue is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests. Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers. Microsoft has identified the root cause and is working on a fix, which will be released soon.

Status Originating update History
Confirmed OS Build 20348.2340
KB5035857
2024-03-12		 Last updated: 2024-03-20, 20:08 PT
Opened: 2024-03-20, 18:39 PT

Following installation of the March 2024 security update, released March 12, 2024 (KB5035857), Local Security Authority Subsystem Service (LSASS) may experience a memory leak on domain controllers (DCs). This is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests.

Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers (DCs).

Note: This issue does not occur on home devices. It affects only environments in organizations using some Windows Server platforms.

Next steps: The root cause has been identified by MS and they have released emergency out-of-band (OOB) updates for Windows Server Domain Controllers crashes.

Affected platforms:

  • ​Client: None
  • ​Server: Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2

Temporary workaround

To remove these updates, open command prompt with elevated and then clicking ‘Run as Administrator. Execute following commands to remove these windows patches from impacted domain controllers:

wusa /uninstall /kb:5035855
wusa /uninstall /kb:5035849
wusa /uninstall /kb:5035857

So, that’s all in this blog. I will meet you soon with next stuff. Have a nice day!!!

Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .

You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo
Last Updated: March 24, 2024
0 47
Photo of Vipan Kumar

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno

Leave a Reply

Back to top button