Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates.
As reported by BleepingComputer on Wednesday, many system administrators have warned since this month's Patch Tuesday that servers are unexpectedly freezing and restarting due to a memory leak in the Local Security Authority Subsystem Service (LSASS) process.
"Our symptoms were ballooning memory usage on the lsass.exe process after installing KB5035855 (Server 2016) and KB5035857 (Server 2022) to the point that all physical and virtual memory was consumed and the machine hung," a Windows admin told BleepingComputer.
"Since installation of the March updates (Exchange as well as regular Windows Server updates) most of our DCs show constantly increasing lsass memory usage (until they die)," another admin said.
Redmond publicly acknowledged this issue after BleepingComputer reached out for more details, saying it affects all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates.
Today, Microsoft released the following emergency Windows Server cumulative updates that should fix the LSASS memory leak and prevent impacted servers from crashing and restarting:
- Windows Server 2022: KB5037422
- Windows Server 2019: KB5037425
- Windows Server 2016: KB5037423
- Windows Server 2012 R2: KB5037426
"This update addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs)," the company explains.
"The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it."
To fix this known issue, admins must download the OOB updates from the Microsoft Update Catalog and install them on affected domain controllers.
If you installed previous Windows Server updates, only the new updates in these packages will be downloaded and installed. Microsoft has not reported any known issues with these emergency updates.
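The following PowerShell script is an added example, not part of the article and not Microsoft's own tooling. It runs on a Windows Server, checks whether the machine is a domain controller, maps its OS build to the OOB package listed above, reports whether that KB shows up in the installed-update list, and prints the current memory footprint of lsass.exe so an admin can spot the ballooning the quoted reports describe. The build-to-KB table uses the KB numbers from this article; the 8 GB alert threshold is an arbitrary assumption for illustration, not a Microsoft-published figure.

```powershell
# Added example (not from the article or from Microsoft): report OOB patch status
# and current LSASS memory usage on a Windows Server domain controller.

# OOB package per OS build number, taken from the KB list in the article above
$OobByBuild = @{
    '9600'  = 'KB5037426'   # Windows Server 2012 R2
    '14393' = 'KB5037423'   # Windows Server 2016
    '17763' = 'KB5037425'   # Windows Server 2019
    '20348' = 'KB5037422'   # Windows Server 2022
}

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$cs = Get-CimInstance -ClassName Win32_ComputerSystem

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller
$isDc = $cs.DomainRole -in @(4, 5)
if (-not $isDc) {
    Write-Output "$env:COMPUTERNAME is not a domain controller; the OOB fix targets DCs only."
}

$build = [string]$os.BuildNumber
$kb = $OobByBuild[$build]
if (-not $kb) {
    Write-Output "Build $build ($($os.Caption)) is not one of the affected Windows Server releases."
    return
}

# Get-HotFix reads the installed-update list (Win32_QuickFixEngineering)
$installed = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($installed) {
    Write-Output "$kb is installed (InstalledOn: $($installed.InstalledOn))."
} else {
    Write-Output "$kb is NOT installed; download it from the Microsoft Update Catalog and install it on this DC."
}

# Current LSASS memory footprint. A value that keeps climbing over hours, rather than
# a single reading, is the symptom the admins quoted above describe.
$lsass = Get-Process -Name lsass
$wsGB = [math]::Round($lsass.WorkingSet64 / 1GB, 2)
$pmGB = [math]::Round($lsass.PrivateMemorySize64 / 1GB, 2)
Write-Output ("lsass.exe PID {0}: working set {1} GB, private bytes {2} GB" -f $lsass.Id, $wsGB, $pmGB)

$ThresholdGB = 8   # assumed alert threshold for illustration only
if ($pmGB -gt $ThresholdGB) {
    Write-Warning "lsass.exe private bytes exceed $ThresholdGB GB; this DC may be affected by the leak."
}
```

Run it in an elevated PowerShell session on each DC. Two caveats: Get-HotFix only tells you whether this specific package is present, and because Windows Server updates are cumulative, a DC that later receives a newer cumulative update will carry the fix without the OOB KB number appearing in that list; and a single lsass.exe reading proves nothing on its own, so schedule the script (or a performance counter on the process) and look for monotonic growth.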
Microsoft has had to resolve similar Windows Server crash issues before: in December 2022, after the November 2022 updates introduced another memory leak, and in March 2022, when admins again reported widespread domain controller reboots.
Update March 25, 14:53 EDT: Microsoft has also released a Windows Server 2019 OOB update.
Comments
darylzero - 1 month ago
Still no fix for 2019?
ZeroYourHero - 1 month ago
The bad updates were for Server 2016 & 2022. Server 2019's update is OK.
darylzero - 1 month ago
"The bad updates were for Server 2016 & 2022. Server 2019's update is OK."
Source?
busy_mouse20 - 1 month ago
I thought that the previous article did state that Microsoft Server 2019 is also affected? I believed it is KB5035849. So does that mean that I can go ahead and install the update? I actually deferred the update for our domain servers due to this reported issue.
rabidinfantry - 1 month ago
There is no fix for 2019 yet.
noelprg4 - 1 month ago
There is now for Server 2019, in the form of KB5037425, released 3/25 only on the MS Update Catalog site.
These OOB updates will NOT be offered through Windows Update nor WSUS and are only available through the Microsoft Catalog site.
DarthAdmin - 1 month ago
Has anyone seen this issue on Server 2016 RDS Session Host Servers? We currently are running 2 Session Host servers and since the March patches they have been becoming unresponsive once or twice a day. I initially thought it was this issue with not being able to communicate with the domain controllers. I've patched the domain controllers for this issue, but it is still persisting on my Session Host servers. Kinda thinking about throwing this patch on the Session Host servers. I haven't been able to find anything related to non-domain controllers having an issue becoming unresponsive after this month's patches. Any ideas would be much appreciated.