New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes
Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs.
These updates are mandatory as they are part of Microsoft’s June 2024 Patch Tuesday and contain security updates for 51 vulnerabilities.
The Windows Server 2019 KB5039217 update has three changes or fixes, including a fix for a bug that causes the LSASS process to crash and reboot servers after installing the April 2024 updates.
The three changes in the KB5039217 are:
-
This update affects the version of curl.exe that is in Windows. The version number is now 8.7.1.
-
This update addresses an issue that affects lsass.exe. It stops responding. This occurs after you install the April 2024 security updates on Windows servers.
-
This update addresses an issue that affects lsass.exe. It leaks memory. This occurs during a Local Security Authority (Domain Policy) Remote Protocol (LSARPC) call.
Microsoft says there are no known issues in this update.
The Windows Server 2022 KB5039227 update includes the above fixes as well as an additional thirteen fixes and changes listed below:
-
New! This update affects Server Message Block (SMB) over Quick UDP Internet Connections (QUIC). It turns on the SMB over QUIC client certificate authentication feature. Admins can use it to restrict which clients can access SMB over QUIC servers. To learn more, see Configure SMB over QUIC client access control in Windows Server.
-
This update addresses an issue that affects Outlook and OneNote. Their search function stops working. This occurs when you use Azure Virtual Desktop (AVD).
-
This update addresses an issue that affects Windows Hello for Business. You cannot use it to authenticate to Entra ID on certain apps. This occurs when you use Web Access Management (WAM).
-
This update addresses an issue that affects a Microsoft Entra ID account. Devices cannot authenticate a second one. This occurs after you install the Windows update, dated November 13, 2023.
-
This update addresses an issue that affects Microsoft Edge. The UI is wrong for the Internet Options Data Settings.
-
This update addresses an issue that affects Storage Spaces Direct (S2D) and Remote Direct Memory Access (RDMA). When you use them with SMBdirect in your networks, the networks fail. You also lose the ability to manage clusters.
-
This update addresses an issue that affects Containers. They do not move past the “ContainerCreating” status.
-
This update addresses an issue that might stop your system from resuming from hibernate. This occurs after you turn on BitLocker.
-
This update addresses an issue that affects Windows Defender Application Control (WDAC). The issue copies unsigned WDAC policies to the Extensible Firmware Interface (EFI) disk partition. It is reserved for signed policies.
-
This update addresses an issue that affects Enhanced Fast Reconnect. It fails. This occurs when you use it with third-party remote desktop protocol (RDP) providers.
-
This update addresses an issue that affects the Remote Desktop Session Host (RD Session Host). A deadlock occurs when a large number of users sign in.
-
This update addresses an issue that affects dsamain.exe. It stops responding. This occurs when the Knowledge Consistency Checker (KCC) runs evaluations.
-
This update addresses an issue that affects the kernel stack. It might overflow. Because of this, VMs might shut down prematurely.
While there are no known issues in the Windows Server 2019 update, the one for Windows Server 2022 continues to display 0x80070520 error messages when attempting to change your profile picture.
A complete list of changes can be found Windows Server 2022 KB5039227 and the Windows Serer 2019 KB5039217 support bulletins.