Windows Server
Share
On March 12, Microsoft released an update for its Windows Server 2022 service that is causing problems that affect its domain controllers.
Many users were warning on Reedit since that day, the servers freeze and restart unexpectedly due to a memory leak in the LSASS (Local Security Authority Subsystem Service) process.
The specific problem according to users who have reported it is: “Since installing the March updates (Exchange and regular Windows Server updates), most of our DCs show constantly increasing LSASS memory usage (until they die) .”
The LSASS service is the process responsible for enforcing security policy on Windows systems: it verifies that users log in, manages password changes, and creates access tokens. Forced use of the service may be caused by the conditions:
- You have many external trusts and many simultaneous login requests.
- These login requests do not specify the domain name.
This can lead to delays or crashes when authenticating the system or even reboots when the system's memory usage limit is reached.
This issue alarms users so much because being a crucial system file, it is often forged by malware. This service runs from the Windows\System32 directory, so if it runs from another directory, it is most likely a virus.
Temporary remedy
- so /uninstall /kb:5035855
- so /uninstall /kb:5035849
- so /uninstall /kb:5035857
Conclusion
- In November 2022, Microsoft released an update that affected the servers, causing them to freeze and restart.
- In March 2022, Microsoft fixed another LSASS bug that caused reboots on Windows Server DCs.