Microsoft’s Patch Tuesday routine releases of Windows Server updates breaks Domain Controllers

Posted on Monday, Dec 5, 2022 by Chris Hayner

Featured in this episode of Chaos Lever

One day I’m gonna compile a list of Patch Tuesdays that cause catastrophic failures in enterprise critical deployments of Windows. I’m not gonna count the total NUMBER of catastrophic failures, because that number is probably nearing infinity.. Just the number of days where this allegedly routine and tested patch bundle comes out, is loyally applied by dedicated sysadmins, and then shit melts down. That number is also probably quite high.. Honestly the number of failure days might be equal to the number of Patch Tuesdays.

ANYWAY.

This time. November Patch Tuesday had some Windows Server updates in it. These updates caused LSASS (or “Local Security Authority Subsystem Service” for short) in systems running as Domain Controllers to have memory leaks. These memory leaks crash LSASS, which then crashes all account accesses on the system, and then the system reboots. As you can imagine, Domain controllers are kind of important. So this is… bad.

This issue will affect most Server deployments from 2012 through 2019. WOW. There is a workaround listed in the linked article if you’ve already applied the patches, and of course Microsoft claims they will fix the issue caused by this patch.. In an upcoming patch.