Developers: Microsoft
Last Release Date: 2022/11/28
Technology: OS
2022
Updates caused domain controller failures
The Windows Server KB5019966 updates released on the November Patch Tuesday cause an LSASS memory leak that can make a domain controller freeze and restart. This became known on November 28, 2022.
LSASS (Local Security Authority Subsystem Service) is the process responsible for applying security policies on Windows systems, managing access tokens, handling password changes and logging users into the system. If LSASS fails, logged-in users lose access to their Windows accounts on the computer and receive a system restart error message followed by a system reboot.
Microsoft explains that LSASS can use more memory over time, until the domain controller stops responding to requests and restarts. How quickly memory usage grows depends on the workload of the domain controller and on the time elapsed since the last server restart.
Affected versions of Windows:
- Windows Server 2019;
- Windows Server 2016;
- Windows Server 2012 R2;
- Windows Server 2012;
- Windows Server 2008 R2 SP1;
- Windows Server 2008 SP2.
Microsoft is working on the problem and promises a fix in the next release. Until the patch is released, the company offers IT administrators a workaround for the domain controller failures[1].
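One way to watch for the memory growth described above, as an added example that is not from Microsoft or the original page: it fits a least-squares trend to periodic readings of LSASS private memory and warns when the growth rate passes a threshold. The function names, the sample readings and the 10 MB/hour threshold are assumptions.

```powershell
# Added example: estimate LSASS private-memory growth from periodic samples.
# Function names, sample values and the threshold are assumptions.

function Get-LsassSample {
    # One live reading from the local machine (run elevated on the domain controller).
    $p = Get-Process -Name lsass
    [pscustomobject]@{
        Time         = Get-Date
        PrivateBytes = $p.PrivateMemorySize64
    }
}

function Get-MemoryGrowthRate {
    # Least-squares slope of PrivateBytes over time, returned in MB per hour.
    param([Parameter(Mandatory)][object[]]$Samples)
    if ($Samples.Count -lt 2) { throw 'Need at least two samples.' }
    $t0 = $Samples[0].Time
    $x = @($Samples | ForEach-Object { ($_.Time - $t0).TotalHours })
    $y = @($Samples | ForEach-Object { $_.PrivateBytes / 1MB })
    $meanX = ($x | Measure-Object -Average).Average
    $meanY = ($y | Measure-Object -Average).Average
    $sxy = 0.0
    $sxx = 0.0
    for ($i = 0; $i -lt $x.Count; $i++) {
        $sxy += ($x[$i] - $meanX) * ($y[$i] - $meanY)
        $sxx += ($x[$i] - $meanX) * ($x[$i] - $meanX)
    }
    if ($sxx -eq 0) { throw 'All samples share one timestamp.' }
    $sxy / $sxx
}

# Constructed samples: hourly readings that climb by 40 MB per hour.
# Live use: collect Get-LsassSample on a schedule and pass the list instead.
$start = Get-Date '2022-11-28T00:00:00'
$constructed = 0..5 | ForEach-Object {
    [pscustomobject]@{
        Time         = $start.AddHours($_)
        PrivateBytes = [int64]((300 + 40 * $_) * 1MB)
    }
}

$rate = Get-MemoryGrowthRate -Samples $constructed
$thresholdMBPerHour = 10   # assumed alert threshold; tune to the DC's own baseline
if ($rate -gt $thresholdMBPerHour) {
    Write-Warning ('LSASS private memory is growing at {0:N1} MB/hour' -f $rate)
}
```

A steady positive slope across many hours of uptime is the pattern to look for; short spikes during logon storms level off and average out in the fit.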
Block vulnerable drivers with WDAC
On March 29, 2022, it became known that Microsoft had given Windows users the ability to block drivers with vulnerabilities using Windows Defender Application Control (WDAC) and a "blacklist" of vulnerable drivers.
This option is part of the Core Isolation security feature set for devices that use virtualization-based security. The feature works on devices running Windows 10, Windows 11, Windows Server 2016 and later with Hypervisor-Protected Code Integrity (HVCI) enabled, as well as on systems running Windows 10 in S mode.
2018: Preview release
In March 2018, Microsoft released the first preview version of the Windows Server 2019 operating system. The main innovations fall into four areas: hybrid workloads, security, application platform and hyperconverged infrastructure.
Windows Server 2019 build number 17623 is available on the so-called Long-Term Servicing Channel (LTSC). Mainstream support and extended support will last five years. Members of the Windows Insider program can access the preview version of the platform. The general-availability release of the product is scheduled for the second half of 2018.
One of the main innovations of the server OS is the Project Honolulu interface. It is based on web technologies and is essentially a control panel for all servers, offering many options for visualizing and analyzing data. Project Honolulu can also be used to manage hyperconverged systems.
Windows Server 2019 will introduce new security features, in particular virtual machines with improved protection for Linux applications. Microsoft also built in Windows Defender Advanced Threat Protection to protect virtual machines from threats related to vulnerabilities that have not yet been fixed. Integration with Windows Subsystem for Linux is implemented (Linux users can bring their scripts to Windows using the industry-standard tools OpenSSH, Curl and Tar), and support for containers, including Kubernetes, is improved.
Users will be able to use Project Honolulu to manage the deployment of Windows Server and the integration of Azure services such as backup, file synchronization and disaster recovery without disrupting existing applications and infrastructures.[2]