Microsoft’s update patches Windows Server memory leak flaw promptly


TLDR: Microsoft releases out-of-band update to fix Windows memory leak

  • Microsoft released an out-of-band update, KB5037422, on March 22, 2024, specifically for Windows Server 2022 to address a critical memory leak issue in the Local Security Authority Subsystem Service (LSASS).
  • The update targets domain controllers processing Kerberos authentication requests, preventing LSASS crashes and unexpected DC restarts.

Microsoft released an out-of-band update, KB5037422, on March 22, 2024, specifically for Windows Server 2022 to address a critical memory leak issue in the Local Security Authority Subsystem Service (LSASS). The leak occurred on domain controllers (DCs) after installing the March 2024 security updates (KB5035857) and impacted both on-premises and cloud-based Active Directory DCs during Kerberos authentication requests. Excessive memory usage could lead to LSASS crashing and unexpected DC restarts. The update addresses the LSASS memory leak and improves the overall servicing stack functionality for future Windows updates.

The memory leak flaw manifested after installing the KB5035857 update, which was released on March 12, 2024. It was triggered when DCs processed Kerberos authentication requests, leading to a substantial memory leak. The excessive memory consumption could cause LSASS to crash, resulting in unexpected domain controller reboots. KB5037422 specifically targets and resolves this LSASS memory leak. It is essential to apply this update to DCs, especially those that haven't yet uninstalled the affected KB5035857 update, to prevent potential crashes and subsequent downtime on your domain network.

Microsoft released a servicing stack update (SSU) for Windows Server 2022, KB5035857, which specifically targets the servicing stack component, a critical system function responsible for the deployment of Windows updates. By implementing quality improvements to the servicing stack, this SSU enhances its reliability and robustness. Devices receiving this update will benefit from a more efficient and reliable process for acquiring and installing future Windows updates. Timely updates are essential for addressing security vulnerabilities, bug fixes, and new feature implementations to maintain a healthy and up-to-date Windows Server environment.

The update delivers the latest cumulative update (LCU) bundled with the latest servicing stack update (SSU) for Windows 10, improving the reliability of the update process. While Microsoft isn't aware of any issues, the update isn't available through Windows Update or Windows Update for Business. Instead, it must be downloaded from the Microsoft Update Catalog website or deployed through Windows Server Update Services (WSUS). To remove the LCU after installation, use the DISM tool with the LCU package name, but be aware that this won't remove the SSU.
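Because the fix is not offered through Windows Update, it helps to confirm which DCs still have KB5035857 without KB5037422 and how much memory LSASS is currently using. The PowerShell below is an added example, not Microsoft's tooling or code from the original article; the function name, state labels and the 2048 MB warning threshold are assumptions.

```powershell
# Added example. KB numbers come from the article; the function name, state
# labels and working-set threshold are assumptions made for illustration.
function Get-LsassLeakPatchState {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [int]$WarnWorkingSetMB = 2048   # constructed threshold; tune to your baseline
    )
    foreach ($computer in $ComputerName) {
        # Add -ComputerName only for remote hosts so the local query needs no remoting.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }
        try {
            # Both queries use CIM with -ErrorAction Stop, so an unreachable host is
            # reported as such instead of being mistaken for "update not found".
            $kbs = @(Get-CimInstance -ClassName Win32_QuickFixEngineering @target `
                    -Filter "HotFixID='KB5035857' OR HotFixID='KB5037422'" -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID)
            $lsass = Get-CimInstance -ClassName Win32_Process @target `
                -Filter "Name='lsass.exe'" -ErrorAction Stop
            $workingSetMB = [math]::Round($lsass.WorkingSetSize / 1MB)

            $hasMarchUpdate = $kbs -contains 'KB5035857'
            $hasFix         = $kbs -contains 'KB5037422'
            $state = if ($hasFix) { 'FixInstalled' }
                     elseif ($hasMarchUpdate) { 'NeedsKB5037422' }
                     else { 'MarchUpdateNotFound' }

            [pscustomobject]@{
                ComputerName   = $computer
                State          = $state
                LsassMB        = $workingSetMB
                LsassAboveWarn = $workingSetMB -ge $WarnWorkingSetMB
            }
        }
        catch {
            [pscustomobject]@{
                ComputerName = $computer; State = 'QueryFailed'
                LsassMB = $null; LsassAboveWarn = $null
            }
        }
    }
}

Get-LsassLeakPatchState | Format-Table -AutoSize
```

Pass DC host names with `-ComputerName` to check several servers at once. The check looks only for the two KB numbers named in the article, so `MarchUpdateNotFound` says nothing about other installed updates.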
