
Memory leak on Windows Server update causes domain controllers to crash


A memory leak in the Windows Server update for this month’s Patch Tuesday could cause domain controllers to crash, Microsoft noted in a March 20 posting on its site.

The software maker said the Local Security Authority Subsystem Service (LSASS), which enforces security policy, could crash because of the memory leak, thereby triggering an “unscheduled” reboot of the underlying domain controllers.

Microsoft said the root cause has been identified and it plans to work on a resolution to be released in the coming days. The company was also quick to point out that the issue does not occur on home devices, only in IT environments in organizations using Windows Server platforms.

Ashley Leonard, chief executive officer at Syxsense, added that patches usually don’t receive the same level of testing from vendors as a full product release, so it’s critical for teams to stay proactive and thoroughly test all patches before moving them to production.

“Security teams also need to balance the speed of the roll-out against the risk of delaying patching to allow better testing,” said Leonard. “If the environment is exposed to a vulnerability under active attack, the team might have to accept the risk of mass deploying the patch, understanding that it might occasionally have a negative impact on IT operations, but it’s better than a breach.”

The implications of this issue extend beyond immediate operational disruptions, explained Callie Guenther, senior manager, cyber threat research at Critical Start. Guenther said it highlights the inherent risks in the cumulative update model, where a single update can impact critical infrastructure. For enterprises, it underscores the importance of robust testing before deploying updates in production environments.

“It also brings to light the delicate balance between security patching and system stability, especially in environments where uptime is crucial,” said Guenther. “This situation may prompt organizations to reevaluate their patch management strategies, possibly adopting more granular approaches to updates, especially for critical systems like domain controllers.”
