Microsoft March patch disaster: Windows Server domain controllers crash

A memory leak is a rather common problem in computer programs and has to do with incorrect management of the contents of memory. The phenomenon occurs when a portion of dynamically allocated memory is not released when it is no longer needed. This can lead to a gradual depletion of the memory available on the system. Although memory leaks do not represent a security problem in the strict sense, we chose to mention them in the article focused on vulnerabilities in memory management. Most of the "weaknesses" that afflict the software we all use can be traced back to them.

Memory leaks introduced with Microsoft’s March 2024 patches cause problems with Windows Server domain controllers

Following the many reports received from IT administrators, and after checks that lasted a few days, Microsoft confirmed the existence of a memory leak introduced with the March 2024 security updates. The patches made available to users about ten days ago cause Windows domain controllers to crash.

Affected servers crash showing a blue screen (BSoD), then by default restart automatically.

Specifically, the memory leak affects the Local Security Authority Subsystem Service (LSASS) process and was introduced with this month's cumulative updates. LSASS is a fundamental component of the Windows operating system. It performs various critical functions related to security and authentication, manages credentials and access tokens, and applies local security policies, including policies relating to the use of passwords.

After installing the Microsoft March 2024 updates, most Windows Server domain controllers show constantly increasing memory usage for the LSASS process, until the process itself "blocks" and dies.

The platforms affected by the problem and how to avoid Windows Server crashing

With the publication of an official note, Microsoft confirmed the existence of the problem, observing that the affected platforms are all domain controllers based on Windows Server 2012 R2, 2016, 2019 and 2022.

The Redmond company specifies that the memory leak is observable when on-premises and cloud-based Active Directory domain controllers process Kerberos authentication requests. At this point, the LSASS process may actually crash, which in turn triggers an unplanned reboot of the domain controllers.

Microsoft adds that it has identified the root cause and is working on a corrective patch, which will be released soon.

Until Redmond's software engineers have released an "ad hoc" update, it is advisable to simply uninstall the updates that introduced the problem. To do this, type cmd in the Windows search box, then choose Run as administrator. At this point you can type the following commands:

wusa /uninstall /kb:5035855

wusa /uninstall /kb:5035849

wusa /uninstall /kb:5035857

Not all commands will be successful: this depends on the specific version of Windows Server that is installed. However, we recommend issuing all three commands in order to be sure of removing the March 2024 cumulative update intended for your system.
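
As an added example (not Microsoft's code and not part of the original article), the PowerShell script below checks which of the three KBs named above is actually installed, samples LSASS memory to see whether it keeps growing, and runs the article's wusa command only for the update that is present. The -Uninstall switch, the sampling parameters and the variable names are assumptions made for this example; run it from an elevated session on the domain controller.

```powershell
# Added example: not from Microsoft or the original article.
param(
    [switch]$Uninstall,           # assumed switch: remove the update that is found
    [int]$Samples = 5,            # number of LSASS memory samples to take
    [int]$IntervalSeconds = 60    # delay between samples
)

# KB numbers exactly as listed in the article.
$marchKbs = 'KB5035855', 'KB5035849', 'KB5035857'

# Get-HotFix reports an error for a KB that is not installed, so silence that case.
$installed = foreach ($kb in $marchKbs) {
    Get-HotFix -Id $kb -ErrorAction SilentlyContinue
}

if (-not $installed) {
    Write-Output 'None of the March 2024 updates listed in the article is installed.'
    return
}
$installed | Select-Object HotFixID, InstalledOn | Format-Table -AutoSize

# Sample LSASS memory; steady growth across samples is the symptom the article describes.
$readings = for ($i = 1; $i -le $Samples; $i++) {
    $p = Get-Process -Name lsass
    [pscustomobject]@{
        Time      = Get-Date
        PrivateMB = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
        WorkingMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
    }
    if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSeconds }
}
$readings | Format-Table -AutoSize
$growth = $readings[-1].PrivateMB - $readings[0].PrivateMB
Write-Output ("LSASS private memory change over the window: {0} MB" -f $growth)

if ($Uninstall) {
    foreach ($hf in $installed) {
        $number = $hf.HotFixID -replace '^KB', ''
        # Same command as in the article, run only for the KB that is present.
        Start-Process -FilePath wusa.exe -ArgumentList '/uninstall', "/kb:$number" -Wait
    }
}
```

Without -Uninstall the script only reports, which makes it suitable for checking each domain controller before deciding to remove the update.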

Opening image credit: Microsoft.
