Sunday, April 27, 2025

Recent Windows Server Updates Trigger Domain Controller Reboots & Crash


Recent updates for Windows Server have been linked to significant disruptions in IT infrastructure, with numerous reports of domain controllers experiencing crashes and forced reboots.

The issues have been traced back to the March 2024 cumulative updates for Windows Server 2016 and Windows Server 2022, specifically KB5035855 and KB5035857.

Impact on Domain Controllers

The core of the problem lies in a memory leak within the Local Security Authority Subsystem Service (LSASS), a critical component of the Windows operating system responsible for enforcing security policies and managing user logins, access token creation, and password changes.


The LSASS process is essential for the stable operation of domain controllers, which are pivotal in managing network security and user authentication within an organization’s IT environment.

Administrators have observed that domain controllers exhibit steadily increasing LSASS memory usage after installing the March updates.

This escalation in resource consumption eventually leads to the system becoming unresponsive, culminating in crashes and automatic reboots.
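The symptom described above, steadily rising LSASS memory after the March updates, can be checked for directly on a domain controller. The script below is an added example (not from the article or from Microsoft): it reports whether KB5035855 or KB5035857 is installed, samples the working set of lsass.exe over time, and warns on sustained growth. The sample count, interval and growth threshold are assumed values; tune them to your environment.

```powershell
# Added example: watch LSASS memory on a domain controller for the leak
# described in the article. Thresholds below are assumptions, not Microsoft guidance.
param(
    [int]$Samples  = 12,    # number of measurements to take
    [int]$Interval = 300,   # seconds between measurements (assumed)
    [int]$GrowthMB = 200    # net growth in MB that triggers a warning (assumed)
)

# KB numbers come from the article; this only reports whether they are present.
$suspectKBs = 'KB5035855', 'KB5035857'
$installed  = Get-HotFix | Where-Object { $suspectKBs -contains $_.HotFixID }
if ($installed) {
    Write-Warning ("Installed updates linked to the LSASS leak: " +
                   ($installed.HotFixID -join ', '))
}

# Collect working-set readings (in MB) for lsass.exe at fixed intervals.
$readings = @()
for ($i = 0; $i -lt $Samples; $i++) {
    $ws = [math]::Round((Get-Process -Name lsass).WorkingSet64 / 1MB, 1)
    $readings += [pscustomobject]@{ Time = Get-Date; WorkingSetMB = $ws }
    Write-Host ("{0:u} lsass working set: {1} MB" -f (Get-Date), $ws)
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $Interval }
}

# A leak shows as near-monotonic growth: compare first and last readings and
# count how many intervals saw an increase, so a single spike is not flagged.
$first = $readings[0].WorkingSetMB
$last  = $readings[-1].WorkingSetMB
$rises = 0
for ($i = 1; $i -lt $readings.Count; $i++) {
    if ($readings[$i].WorkingSetMB -gt $readings[$i - 1].WorkingSetMB) { $rises++ }
}
$net = $last - $first
if ($net -ge $GrowthMB -and $rises -ge [math]::Ceiling(($Samples - 1) * 0.8)) {
    $msg = "LSASS grew {0} MB over {1} samples ({2} increases): consistent with " +
           "the leak; consider deferring or rolling back the March updates."
    Write-Warning ($msg -f $net, $Samples, $rises)
    exit 1
}
Write-Host "No sustained LSASS growth detected (net change: $net MB)."
```

Run it in an elevated session on each domain controller; a non-zero exit code lets it feed a scheduled task or monitoring check.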


Such behavior disrupts normal business operations and poses a risk to network security and data integrity.

Causes of Crashes and Reboots

The LSASS memory leak introduced by the updates is the direct cause of the crashes and reboots.

Memory leaks occur when a program incorrectly manages memory allocations, reducing performance and system stability as the available memory is gradually exhausted.

On a domain controller, the LSASS memory leak places an unsustainable load on the system, and the crash that follows is effectively the system's last resort for recovering from the failure.

Affected Windows Server Versions

The reported issues specifically affect Windows Server 2016 and Windows Server 2022.

These versions are widely used in enterprise environments, meaning the impact of the problem is potentially vast, affecting organizations globally.

This is not the first time LSASS-related issues have been reported after Windows Server updates—previous incidents were recorded in December 2022 and March 2022—which raises concerns about the recurring nature of such critical vulnerabilities.

User Reactions and Comments

The sysadmin community has been vocal about the disruptions, with many taking to online forums such as Reddit to share their experiences and seek advice. Comments range from frustration over the repeated nature of these issues to concerns about the lack of immediate solutions or workarounds.

Some users have reported rolling back the updates as a temporary fix, while others are waiting for Microsoft’s official response or patch.

A particular comment on the Microsoft Tech Community Exchange Team Blog highlights the severity of the issue, with one user stating, “This is a disaster. We’ve had to roll back the updates on all our DCs to prevent the entire network from going down.”

LSASS Process Memory Leak

The LSASS process memory leak is not new, but its recurrence is troubling for Microsoft and its user base.

The memory leak leads to a gradual increase in memory usage by the LSASS process until the system can no longer function properly. This type of issue requires prompt attention and resolution to maintain the security and stability of affected systems.

Microsoft has not released an official statement or solution regarding the March 2024 updates and the resulting domain controller crashes.

This situation underscores the importance of thorough testing and quality assurance in software updates, particularly when they affect critical components of enterprise IT infrastructure.

As the situation develops, system administrators are advised to monitor official channels for updates and consider holding off on applying the problematic updates until a fix is confirmed.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
