Monday, April 22, 2024

Microsoft releases out-of-band KB5037422 update to fix Windows Server memory leak



Not for the first time, Microsoft has released a patch-for-a-patch after a recent update was found to cause memory leaks in Windows Server.

The problems stemmed from the KB5035857 update — the March 2024 security update — for Windows Server, which Microsoft acknowledged as having known issues. Now the company has released the out-of-band KB5037422 update which affected users will have to manually seek out and install.


It is only a few days since Microsoft confirmed what many Windows Server admins had already found — that the Local Security Authority Subsystem Service (LSASS) may experience a memory leak on domain controllers after installing the KB5035857 update.

At the time, affected users were advised that the company had determined the root cause and was working on a fix. Now that fix has been delivered in the form of the KB5037422 update.

In an update to a notice about the issue on the Windows release health pages, Microsoft says:

Resolution: This issue was resolved in the out-of-band (OOB) update KB5037422, which is only available via the Microsoft Update Catalog. We strongly recommend you do not apply the March 2024 security update on DCs and install KB5037422 instead. As this is a cumulative update, you do not need to apply any previous update before installing KB5037422. To install this update, search for KB5037422 in the Microsoft Update Catalog. The OOB update can then be manually imported to Windows Server Update Services (WSUS) and Configuration Manager. For guidance, see WSUS and the Microsoft Update Catalog.

If you manage update catalogs in Configuration Manager, please check the section Import updates. If you work with software update synchronization in Configuration Manager, review the steps on Import updates from the Microsoft Update Catalog. For more information about the Microsoft Update Catalog, visit Microsoft Update Catalog – FAQs.

Important: This update (KB5037422) is not available from Windows Update and will not install automatically.

In the release notes for the KB5037422 update, Microsoft says:

This update addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs). This issue occurs after you install KB5035857 (March 12, 2024). The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it.

Given the significance and impact of the problems caused by the original KB5035857 update, it is perhaps slightly surprising that the KB5037422 update is not being rolled out automatically, but administrators will nonetheless be pleased that a fix has been made available.
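Because KB5037422 does not install automatically, each domain controller has to be checked by hand. The following PowerShell triage script is an added example, not code from Microsoft or from the original article: run locally on a DC, it reports whether KB5035857 is present without KB5037422 and samples LSASS private memory for sustained growth. The sample count, interval and growth threshold are assumed values to tune for your environment.

```powershell
# Added example: triage the local server for the KB5035857 LSASS leak.
# Assumption: the defaults below (6 samples, 5 minutes apart, 50 MB growth)
# are illustrative, not values published by Microsoft.
param(
    [int]$Samples = 6,
    [int]$IntervalSeconds = 300,
    [double]$GrowthThresholdMB = 50
)

$affectedKb = 'KB5035857'   # March 2024 security update named in the article
$fixKb      = 'KB5037422'   # out-of-band fix named in the article

# Win32_OperatingSystem.ProductType: 1 = workstation, 2 = DC, 3 = member server.
$isDc = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType -eq 2

# Get-HotFix raises an error for a KB that is not listed, so suppress it and
# treat "no object returned" as "not installed".
$hasAffected = [bool](Get-HotFix -Id $affectedKb -ErrorAction SilentlyContinue)
$hasFix      = [bool](Get-HotFix -Id $fixKb -ErrorAction SilentlyContinue)

# Sample LSASS private bytes; growth that never recedes suggests a leak.
$readings = @(for ($i = 0; $i -lt $Samples; $i++) {
    if ($i -gt 0) { Start-Sleep -Seconds $IntervalSeconds }
    [math]::Round((Get-Process -Name lsass).PrivateMemorySize64 / 1MB, 1)
})
$growthMB = $readings[-1] - $readings[0]
$neverShrank = $true
for ($i = 1; $i -lt $readings.Count; $i++) {
    if ($readings[$i] -lt $readings[$i - 1]) { $neverShrank = $false }
}

$patchState = if ($hasFix) { "$fixKb installed" }
    elseif ($hasAffected) { "$affectedKb installed without $fixKb" }
    else { 'Neither KB listed; verify the installed cumulative update manually' }

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    IsDomainCtrl     = $isDc
    PatchState       = $patchState
    LsassPrivateMB   = $readings -join ', '
    GrowthMB         = $growthMB
    LeakSuspected    = $isDc -and $hasAffected -and -not $hasFix -and
                       $neverShrank -and ($growthMB -ge $GrowthThresholdMB)
}
```

A single run only covers the sampling window, so a busy DC with normal memory churn can look clean; the patch state is the primary signal and the memory trend is supporting evidence.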
