March 2024 Update Triggers LSASS Memory Leak, Downtime for Domain Controllers


Key Points:

  • Recent Windows Server updates (March 2024) caused domain controllers to crash due to an LSASS memory leak.
  • This is not the first time an LSASS issue has been linked to Windows Server updates, raising concerns.
  • IT teams should consider holding off on updates or monitoring official channels for a fix.

Recent Windows Patches Destabilize Domain Controllers

Critical updates released for Windows Server in March 2024 have inadvertently introduced a severe bug affecting domain controllers within enterprise environments. System administrators across various industries report widespread instances of domain controllers experiencing crashes and unprompted reboots. Investigations have pinpointed the source of this instability as a memory leak present within the March 2024 cumulative updates for Windows Server 2016 (KB5035855) and Windows Server 2022 (KB5035857).

Understanding the Implications

Domain controllers serve as the backbone of IT infrastructure within organizations, responsible for essential functions like network-wide authentication, security policy enforcement, and user management. The memory leak caused by the recent updates forces the Local Security Authority Subsystem Service (LSASS) – a core component of domain controllers – to gradually consume an increasing amount of system memory. Over time, this unchecked memory usage leads to resource exhaustion, resulting in system crashes and automatic reboots. Such instability poses a direct threat to business continuity, network security, and compliance with data privacy regulations.

Understanding the Technical Cause

The core issue stems from a memory leak within the Local Security Authority Subsystem Service (LSASS) – a critical component of the Windows operating system. LSASS plays a vital role in enforcing security policies, authenticating user logins, generating access tokens, and facilitating password changes. The memory leak, introduced in the March 2024 updates, results in LSASS retaining memory that should be released once its operations complete.

This gradual accumulation of unreleased memory puts increasing strain on domain controllers. As available memory dwindles, systems become progressively unstable. Ultimately, domain controllers reach a critical threshold where they lack the memory resources to operate, leading to crashes and automatic reboots in an attempt to restore functionality.
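
To see whether a given domain controller shows the behaviour described above, an administrator can check for the two KBs named in this article and sample the memory of lsass.exe over time. The PowerShell below is an added example, not part of the original article or of any Microsoft guidance; the sampling interval, sample count and growth threshold are assumed values to tune per environment.

```powershell
# Added example (not from the article). Run in an elevated session on the DC.
# Assumed values: interval, sample count and growth threshold are illustrative.
param(
    [int]$IntervalSeconds = 300,      # time between samples
    [int]$Samples = 12,               # 12 x 5 min = about one hour
    [double]$GrowthThresholdMB = 100  # net growth treated as suspicious
)

# KB numbers as given in the article (Server 2016 / Server 2022).
$kbIds = 'KB5035855', 'KB5035857'
$installed = @(Get-HotFix -Id $kbIds -ErrorAction SilentlyContinue)
if ($installed.Count -gt 0) {
    $installed | Select-Object HotFixID, InstalledOn | Format-Table -AutoSize
} else {
    Write-Output "Neither $($kbIds -join ' nor ') is installed on $env:COMPUTERNAME."
}

# Sample lsass.exe private bytes and working set at fixed intervals.
$readings = @(for ($i = 0; $i -lt $Samples; $i++) {
    $p = Get-Process -Name lsass -ErrorAction Stop
    [pscustomobject]@{
        Time         = Get-Date
        PrivateMB    = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
    }
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
})
$readings | Format-Table -AutoSize

# A leak shows as growth that rarely recedes; normal load rises and falls.
$growth = $readings[-1].PrivateMB - $readings[0].PrivateMB
$rising = 0
for ($i = 1; $i -lt $readings.Count; $i++) {
    if ($readings[$i].PrivateMB -gt $readings[$i - 1].PrivateMB) { $rising++ }
}
$steady = ($readings.Count -gt 1) -and ($rising -ge 0.8 * ($readings.Count - 1))

if ($growth -ge $GrowthThresholdMB -and $steady) {
    $kbNote = if ($installed.Count -gt 0) { 'a listed KB is installed' } else { 'no listed KB found' }
    Write-Warning ("lsass.exe private memory grew {0:N1} MB over {1} samples ({2})." -f $growth, $readings.Count, $kbNote)
} else {
    Write-Output ("lsass.exe growth {0:N1} MB; no steady upward trend detected." -f $growth)
}
```

A single one-hour window is only a first indication; comparing the readings against a domain controller that has not received the update gives a more reliable baseline.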

Impact on Enterprise Networks

Domain controllers underpin network security and user authentication in enterprise environments. Their instability disrupts operations, potentially impacting productivity and even exposing the network to security vulnerabilities.

History Repeating Itself

This isn’t the first LSASS-related upheaval after Windows Server updates. Similar issues plagued administrators in December 2022 and March 2022. The recurrence of critical vulnerabilities in a core security component is worrying.

Community Reaction

System administrators have taken to online forums, expressing frustration and seeking solutions. Some have resorted to rolling back problematic updates but eagerly await an official Microsoft response.

Microsoft’s Silence

Microsoft has yet to issue a statement or provide a patch for the March 2024 domain controller crashes. This underscores the importance of rigorous testing of software updates, particularly for mission-critical enterprise components.

What System Administrators Can Do

Until a confirmed solution emerges, system administrators should carefully monitor official communication channels. IT teams may consider delaying the problematic updates until the issue has been resolved.