- Microsoft confirmed that installing the November update on Domain Controllers causes a memory leak with the Local Security Authority Subsystem Service.
- Microsoft states that the flaw affects Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP.
- Microsoft provided a workaround for the issue and stated that it will be fixed in an upcoming release.
Microsoft has acknowledged that the KB5019966 update (OS Build 17763.3650), released on 8 November, can cause a memory leak in the Local Security Authority Subsystem Service (LSASS.exe) when installed on domain controllers. LSASS is an important service that enforces security policies and handles access token creation, password changes, and user logins. When it crashes, users who were already logged in lose access to Windows accounts, and the system is rebooted.
Workaround announced
According to Microsoft’s announcement, Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP are affected. Microsoft stated:
« Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart. The out-of-band updates for DCs released November 17, 2022 and November 18, 2022 might be affected by this issue. »
Microsoft announced a workaround to mitigate this issue. Users can open Command Prompt as Administrator and use the following command to set the registry key KrbtgtFullPacSignature to 0:
reg add "HKLM\System\CurrentControlSet\services\KDC" -v "KrbtgtFullPacSignature" -d 0 -t REG_DWORD
Microsoft also stated that it is working on a resolution, which will be released in an upcoming update. Microsoft also warned users to set KrbtgtFullPacSignature to a higher setting, depending on what the environment allows, once this issue is resolved.
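To confirm whether a domain controller has the workaround applied and whether LSASS memory is climbing as described in Microsoft's statement, an administrator can run a check like the following. This is an added example, not part of Microsoft's guidance; the sample count and interval are assumptions to adjust for your environment.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
$kdcKey    = 'HKLM:\System\CurrentControlSet\services\KDC'
$valueName = 'KrbtgtFullPacSignature'

# 1. Report the current state of the workaround registry value.
$prop = Get-ItemProperty -Path $kdcKey -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output "$valueName is not set under the KDC key."
} else {
    Write-Output "$valueName = $($prop.$valueName)"
}

# 2. Report uptime, since the leak grows with time since the last restart.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
Write-Output ("Uptime: {0:N1} hours" -f ((Get-Date) - $boot).TotalHours)

# 3. Sample lsass.exe memory at a fixed interval.
#    Assumed values: 6 samples, 10 minutes apart (one hour in total).
$samples         = 6
$intervalSeconds = 600
$readings = @(
    for ($i = 0; $i -lt $samples; $i++) {
        $p = Get-Process -Name lsass
        [pscustomobject]@{
            Time         = Get-Date
            PrivateMB    = [math]::Round($p.PrivateMemorySize64 / 1MB, 1)
            WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        }
        if ($i -lt $samples - 1) { Start-Sleep -Seconds $intervalSeconds }
    }
)
$readings | Format-Table -AutoSize

# 4. Summarise growth between the first and last sample.
$first   = $readings[0]
$last    = $readings[-1]
$deltaMB = $last.PrivateMB - $first.PrivateMB
$hours   = ($last.Time - $first.Time).TotalHours
if ($hours -gt 0) {
    Write-Output ("LSASS private memory changed by {0:N1} MB over {1:N2} hours ({2:N1} MB/hour)." -f `
        $deltaMB, $hours, ($deltaMB / $hours))
}
```

Sustained growth across repeated runs is an indication of the leak rather than proof of it, since LSASS memory also varies with normal authentication load.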