Windows Server March 2024 Updates Trigger Domain Controller Crashes

Microsoft’s March 2024 security updates for Windows Server have led to significant stability issues across domain controllers. Reports have surfaced from various corners indicating that servers are unexpectedly freezing and rebooting due to a memory leak in the Local Security Authority Subsystem Service (LSASS) process.

The Root of the Problem

The crux of the issue lies in the LSASS process, a crucial component of the Windows operating system responsible for enforcing security policies, handling user logins, and managing access tokens and password changes. According to affected users, after the installation of the March 2024 cumulative updates designated as KB5035855 for Windows Server 2016 and KB5035857 for Windows Server 2022, domain controllers began exhibiting rampant memory usage spikes. This abnormal increase in memory consumption ultimately leads to the exhaustion of available physical and virtual memory resources, causing the servers to hang and subsequently restart.

Microsoft’s Advisory

After being alerted to the issue, Microsoft has acknowledged the problem, confirming it as a known issue impacting all domain controller servers updated to the latest Windows Server 2012 R2, 2016, 2019, and 2022 versions. The company has pinpointed the cause of the memory leak and is currently developing a fix. Until the resolution is officially released, Microsoft has advised system administrators to uninstall the problematic updates to mitigate the risk of server crashes.

Temporary Workaround for Administrators

For administrators facing this dilemma, Microsoft Support recommends a temporary workaround involving the removal of the troublesome updates from domain controllers. To achieve this, administrators should access an elevated command prompt and execute one of the following commands based on the specific update installed on the affected servers:

  • For KB5035855: wusa /uninstall /kb:5035855
  • For KB5035857: wusa /uninstall /kb:5035857
  • For KB5035849: wusa /uninstall /kb:5035849

Following the uninstallation, it’s also advised to use the ‘Show or Hide Updates’ troubleshooter to prevent the problematic updates from being re-applied in future update cycles.

A Recurring Challenge

This isn’t the first time Microsoft has had to deal with LSASS-related issues. Past updates have also led to similar memory leak problems, with the company releasing fixes or workarounds to help mitigate the impact on domain controllers and maintain system stability.

It’s crucial for administrators to closely monitor updates from Microsoft regarding this issue and apply recommended actions or patches promptly to avoid potential downtime or disruption in their IT environments.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

Copyright © Netizen Corporation. All Rights Reserved.