From bleepingcomputer.com
The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators.
Affected servers are freezing and rebooting because of a Local Security Authority Subsystem Service (LSASS) process memory leak introduced with the March 2024 cumulative updates for Windows Server 2016 and Windows Server 2022.
LSASS is a Windows service that enforces security policies and handles user logins, access token creation, and password changes.
As many admins have warned, after installing the KB5035855 and KB5035857 Windows Server updates released this Patch Tuesday, domain controllers with the latest updates would crash and reboot due to increasing LSASS memory usage.
“Since installation of the march updates (Exchange as well as regular Windows Server updates) most of our DCs show constantly increasing lsass memory usage (until they die),” one admin said.
“We’ve had issues with lsass.exe on domain controllers (2016 core, 2022 with DE and 2022 core domain controllers) leaking memory as well. To the point all domain controllers crashed over the weekend and caused an outage,” another one added.
“Our symptoms were ballooning memory usage on the lsass.exe process after installing KB5035855 (Server 2016) and KB5035857 (Server 2022) to the point that all physical and virtual memory was consumed and the machine hung,” one admin told BleepingComputer.
“The Support rep says they expect official comms to be announced from Microsoft soon.”