Summary

This update addresses a known issue that affects the Local Security Authority Subsystem Service (LSASS). It might leak memory on domain controllers (DCs). This issue occurs after you install KB5035885 (March 12, 2024). The leak occurs when on-premises and cloud-based Active Directory DCs process Kerberos authentication requests. This substantial leak might cause excessive memory usage. Because of this, LSASS might stop responding, and the DCs will restart when you do not expect it.

Known issues in this update

We are currently not aware of any issues that affect this update.

How to get this update

Install this update

Release Channel

Available

Next Step

Windows Update and Microsoft Update

No

See the other options below.

Microsoft Update Catalog

Yes

To get the standalone package for this update, go to the Microsoft Update Catalog website.

To download updates from the Update Catalog, see Steps to download updates from the Windows Update Catalog.

Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager

No

You can manually import these updates into Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager. For WSUS instructions, see WSUS and the Catalog Site. For Configuration Manger instructions, see Import updates from the Microsoft Update Catalog.

Prerequisites

To install Windows Server 2012 R2 updates, we recommend that you have installed the latest SSU update for Windows Server 2012 R2. For more information, see ADV990001 | Latest Servicing Stack Updates.

File information

For a list of the files that are provided in this update, download the file information for update KB5037426.

References

Description of the standard terminology that is used to describe Microsoft software updates

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.