Microsoft released an out-of-band update, KB5037422, on March 22, 2024, specifically for Windows Server 2022 (OS Build 20348.2342) to address a critical memory leak issue in the Local Security Authority Subsystem Service (LSASS).
The leak occurred on domain controllers (DCs) after installing the March 2024 security updates (KB5035857) and impacted both on-premises and cloud-based Active Directory DCs during Kerberos authentication requests.
Excessive memory usage could lead to LSASS crashing and unexpected DC restarts, while the update addresses the LSASS memory leak and improves the overall servicing stack functionality for future Windows updates.
Out-of-band Update
The memory leak vulnerability manifested after installing the KB5035857 update, which was released on March 12, 2024, as the flaw was triggered when DCs processed Kerberos authentication requests, leading to a substantial memory leak.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:
- The problem of vulnerability fatigue today
- Difference between CVSS-specific vulnerability vs risk-based vulnerability
- Evaluating vulnerabilities based on the business impact/risk
- Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, which helps you to quantify risk accurately:
The excessive memory consumption could cause LSASS to crash, resulting in unexpected domain controller reboots, while the update specifically targets and resolves the critical LSASS memory leak issue.
It’s essential to apply this update to DCs, especially those that haven’t yet uninstalled the vulnerable KB5035857 update, to prevent potential crashes and subsequent downtime on your domain network.
Microsoft released a servicing stack update (SSU) for Windows Server 2022, KB5035857 (OS Build 20348.2334), which specifically targets the servicing stack component, a critical system function responsible for the deployment of Windows updates.
By implementing quality improvements to the servicing stack, this SSU enhances its reliability and robustness. Consequently, devices receiving this update will benefit from a more efficient and reliable process for acquiring and installing future Windows updates.
The improvement is particularly significant for maintaining a healthy and up-to-date Windows Server environment, as timely updates are essential for addressing security vulnerabilities, bug fixes, and new feature implementations.
The update delivers the latest cumulative update (LCU) bundled with the latest servicing stack update (SSU) for Windows 10, improving the reliability of the update process.
While Microsoft isn’t aware of any issues, the update isn’t available through Windows Update or Windows Update for Business.
Instead, it needed to download from the Microsoft Update Catalog website or leverage Windows Server Update Services (WSUS) for deployment.
If it is required to remove the LCU after installation, the DISM tool with the LCU package name can be used, but be aware that this won’t remove the SSU.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.