• MS-DEFCON 3: Side effect with Domain patch

    Posted on November 25, 2022 at 15:51 CST by Comment in the Forums

    alert banner

    Special alert

    MS-DEFCON 3

    By Susan Bradley

    November Domain controller update leads to memory leak

    Business patchers only:  Microsoft has posted up a known side effect introduced by the November updates applied to domain controllers.

    As they note in their health release: (with my slight edits for clarification)

    After installing November or later updates on Domain Controllers (DCs), you might experience a memory leak with Local Security Authority Subsystem Service (LSASS,exe). Depending on the workload of your DCs and the amount of time since the last restart of the server, LSASS might continually increase memory usage with the up time of your server and the server might become unresponsive or automatically restart. Note: The out-of-band updates for DCs released November 17, 2022 and November 18, 2022 do not fix the issue and are also affected by this issue.

    Workaround one if you can remove the patch: Uninstall the November 8th updates and out of band updates that are listed here.

    Workaround two if you are mandated to keep the patch installed: To mitigate this issue, open Command Prompt as Administrator and use the following command to set the registry key KrbtgtFullPacSignature to 0:

    • reg add “HKLM\System\CurrentControlSet\services\KDC” -v “KrbtgtFullPacSignature” -d 0 -t REG_DWORD

    Note that this ONLY impacts business patchers and does NOT impact consumers.

    AskWoody Plus Alert, MS-DEFCON , ,
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.