Microsoft Confirms Windows Server Issue Behind Domain Controller Crashes

Summary:
Microsoft has acknowledged a widespread issue affecting Windows domain controllers, attributing it to a memory leak introduced with the March 2024 Windows Server security updates. The problem stems from a Local Security Authority Subsystem Service (LSASS) process memory leak, causing affected servers to freeze and restart unexpectedly. This issue impacts domain controller servers running the latest updates of Windows Server 2012 R2, 2016, 2019, and 2022, but home users remain unaffected. Microsoft has identified the root cause and is actively working on a fix.

Analyst Comments:
This incident underscores the critical importance of thorough testing and validation of updates before deployment, especially in enterprise environments where system stability is paramount. Memory leaks in core services like LSASS can have cascading effects, leading to severe disruptions in network operations. While Microsoft's swift response to identify and address the issue is commendable, administrators should exercise caution and closely monitor their systems until a permanent solution is available. Additionally, having robust rollback procedures in place is essential to mitigate the impact of such incidents swiftly.

Suggested Corrections:
In the interim, administrators are advised to uninstall the problematic updates from affected domain controllers until Microsoft releases a fix. The following steps can be taken:

Open an elevated command prompt by typing 'cmd' in the Start menu, then right-clicking the Command Prompt application and selecting 'Run as Administrator.'

Depending on the specific update installed on affected domain controllers, execute one of the following commands:

  • wusa /uninstall /kb:5035855
  • wusa /uninstall /kb:5035849
  • wusa /uninstall /kb:5035857

Administrators should also stay informed about updates from Microsoft regarding the resolution of this issue and apply the fix promptly once available. Additionally, maintaining regular backups and implementing proactive monitoring of system resources can help mitigate risks associated with unexpected system failures.
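
The check below is an added example, not code from Microsoft or the linked article: it reports which of the three listed updates is present on a domain controller, prints the matching uninstall command, and samples LSASS memory for monitoring. The function names and the 2048 MB alert threshold are assumptions to be tuned against your own baseline.

```powershell
# Added example. KB numbers are the three listed in this advisory.
$AffectedKbs = 'KB5035855', 'KB5035849', 'KB5035857'

# Assumed alert threshold for LSASS private memory; tune to your own baseline.
$LsassThresholdMB = 2048

function Get-InstalledAffectedUpdate {
    param([string[]]$KbList)
    # Get-HotFix errors on IDs that are not installed, so suppress those errors.
    Get-HotFix -Id $KbList -ErrorAction SilentlyContinue |
        Select-Object HotFixID, InstalledOn
}

function Get-LsassMemoryMB {
    # Private bytes of the LSASS process, rounded to whole megabytes.
    $p = Get-Process -Name lsass -ErrorAction Stop
    [math]::Round($p.PrivateMemorySize64 / 1MB)
}

# ProductType 2 in Win32_OperatingSystem identifies a domain controller.
$isDc    = (Get-CimInstance Win32_OperatingSystem).ProductType -eq 2
$found   = @(Get-InstalledAffectedUpdate -KbList $AffectedKbs)
$lsassMB = Get-LsassMemoryMB

"{0}: DC={1}, LSASS private memory={2} MB" -f $env:COMPUTERNAME, $isDc, $lsassMB
if ($lsassMB -gt $LsassThresholdMB) {
    Write-Warning "LSASS private memory is above $LsassThresholdMB MB"
}

if (-not $isDc) {
    "Not a domain controller; the advisory does not apply to this host."
    return
}
if ($found.Count -eq 0) {
    "None of the listed updates are installed."
    return
}

foreach ($u in $found) {
    # Strip the KB prefix because wusa expects the bare number.
    $kb = $u.HotFixID -replace '^KB', ''
    "Installed: $($u.HotFixID) on $($u.InstalledOn). To remove, run elevated:"
    "  wusa /uninstall /kb:$kb"
}
```

The script only prints the command so the removal stays a deliberate, change-controlled step. Running it on a schedule and recording the LSASS figure gives a trend line that shows growth before a controller freezes.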

Link(s):
https://www.bleepingcomputer.com/ne...erver-issue-behind-domain-controller-crashes/