Microsoft Releases Out-of-band Updates to Address Critical Windows Server Domain Controller Issue

In a recent development that has sent ripples across the IT landscape, Microsoft has identified a critical issue plaguing Windows Server Domain Controllers (DCs). This issue, originating from a memory leak within the Local Security Authority Subsystem Service (LSASS), has emerged as a significant concern for organizations relying on both on-premises and cloud-based Active Directory domain controllers to process Kerberos authentication requests. In response to this pressing matter, Microsoft has taken swift action by rolling out Out-of-band (OOB) updates tailored specifically for the affected Windows versions.
What are Microsoft Out-of-band Updates?
These updates, as the term implies, deviate from the customary patching cycle, serving as a rapid response mechanism to tackle critical or zero-day vulnerabilities. As of the time of writing, the affected versions along with their corresponding KB articles on Microsoft’s website are below:
- Windows Server 2022: KB5037422
- Windows Server 2019: KB5037425
- Windows Server 2016: KB5037423
- Windows Server 2012 R2: KB5037426
It is important to note that these are cumulative updates, so you do not need to apply any previous update before installing them, and they supersede all previous updates for affected versions. If you support customers that use any of the affected server platforms as DCs and you haven’t deployed the March 2024 Microsoft Patch Tuesday security update yet, I recommend you apply this out-of-band update instead.
Does Your RMM Handle Out-of-band Updates?
Now, you might be wondering why this warrants a blog post. The answer lies in a critical yet often overlooked aspect of IT infrastructure management: the patching process. Remarkably, many remote monitoring and management (RMM) solutions lack inherent support for out-of-band updates, leaving administrators grappling with the daunting prospect of manually installing critical patches across numerous client servers. If you’re among those who do not leverage N‑able N‑central or N‑able N‑sight RMM for Patch Management, brace yourself for the arduous task that lies ahead.
However, if your arsenal includes N‑able N‑central or N‑able N‑sight RMM, rejoice! Both platforms boast the capability to automatically detect and apply out-of-band patches, including the updates outlined earlier. Once approved, both N‑central and N‑sight RMM seamlessly integrate these patches into their Patch Management protocols, ensuring that the systems under your management remain fortified against the latest threats.
This demonstrates how these cutting-edge RMM solutions not only streamline the patch management process, but also offer unparalleled flexibility and adaptability to meet the evolving needs of modern IT ecosystems. From automated patch detection to customizable deployment schedules, N‑central and N‑sight RMM empower organizations to take proactive measures against emerging threats while minimizing disruption to critical business operations.
Furthermore, the robust reporting and analytics capabilities embedded within these platforms provide invaluable insights into patch compliance and vulnerability trends, enabling informed decision-making and proactive risk mitigation strategies. By leveraging the comprehensive suite of features offered by N‑able’s RMM solutions, organizations can fortify their defences against cyber threats, enhance operational efficiency, and safeguard their reputation in an increasingly digitized world.
One thing to be aware of with this issue is that we have seen some servers leak so much memory as a result of this issue that the device itself does not have enough memory to complete a patch detection or install cycle. If you think these patches should be offered to a device, the recommendation is to reboot the server first and then detect and patch. Unfortunately, LSASS is a service that cannot be restarted to fix the leak, and an entire restart of the server is required to free up the memory.
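The pre-patch check described above can be scripted per domain controller. The following PowerShell is an added example, not code from N‑able or Microsoft: it maps the OS to the KB listed in this post, reports LSASS and free memory, and suggests whether to reboot before detection. The two thresholds are illustrative assumptions, and because these updates are cumulative, a server carrying a later cumulative update will not list the out-of-band KB by ID.

```powershell
# Added example. KB numbers are the ones listed in this post.
# Thresholds are illustrative assumptions, not vendor guidance.
param(
    [int]$LsassWarnMB = 2048,   # assumed: LSASS working set considered suspicious
    [int]$MinFreeMB   = 1024    # assumed: free RAM needed for a detect/install cycle
)

$OobKb = [ordered]@{
    'Windows Server 2022'    = 'KB5037422'
    'Windows Server 2019'    = 'KB5037425'
    'Windows Server 2016'    = 'KB5037423'
    'Windows Server 2012 R2' = 'KB5037426'
}

$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ProductType -ne 2) {            # ProductType 2 = domain controller
    Write-Output "$env:COMPUTERNAME is not a domain controller; nothing to check."
    return
}

# Match the OS caption (e.g. "Microsoft Windows Server 2019 Standard") to a KB.
$version = $OobKb.Keys | Where-Object { $os.Caption -like "*$_*" } | Select-Object -First 1
if (-not $version) {
    Write-Output "$($os.Caption) is not one of the versions listed in the post."
    return
}
$kb = $OobKb[$version]

# A later cumulative update also carries the fix, so "False" here is a prompt
# to check patch level, not proof that the server is still affected.
$installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

$lsassMB = [math]::Round((Get-Process -Name lsass).WorkingSet64 / 1MB)
$freeMB  = [math]::Round($os.FreePhysicalMemory / 1KB)   # value is reported in KB
$uptime  = (Get-Date) - $os.LastBootUpTime

$action = if ($installed) {
    "None: $kb is installed"
} elseif ($lsassMB -ge $LsassWarnMB -or $freeMB -lt $MinFreeMB) {
    "Reboot first, then detect and install $kb"   # LSASS cannot be restarted on its own
} else {
    "Detect and install $kb"
}

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    OS             = $version
    OobKb          = $kb
    KbInstalled    = $installed
    LsassWorkingMB = $lsassMB
    FreeMemoryMB   = $freeMB
    UptimeDays     = [math]::Round($uptime.TotalDays, 1)
    Recommendation = $action
}
```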
The Critical Role of Patch Management in Safeguarding Organizations
In conclusion, the recent out-of-band updates issued by Microsoft underscore the critical importance of patch management in safeguarding organizational infrastructure against evolving cyber threats. While the task of patch management may seem daunting, especially in the face of diverse IT environments and complex workflows, solutions like N‑able N‑central and N‑sight RMM offer a beacon of hope. With their robust feature set and unwavering commitment to excellence, these RMM platforms empower organizations to navigate the ever-changing technological landscape with confidence and resilience.
Looking for more blogs on patching, or for previous Microsoft Patch Tuesday Reviews? Then check out this section of our blog.
If you have questions on this or anything else, join me on the N‑central office hours or my colleague Joe Ferla on the N‑sight RMM office hours at www.n-able.com/events. For more insight on how you can get the most out of Patch Management in N‑central or N‑sight RMM, you can attend our patch management specific Boot Camps, recordings of which are available in the N‑ableU. Alternatively, keep an eye on www.n-able.com/events to register for the live sessions.
Paul Kelly is the Head Nerd at N‑able. You can follow him on Twitter at @HeadNerdPaul, LinkedIn and Reddit at u/Paul_Kelly. Alternatively you can email me direct.