Hello everyone,
Has anyone identified a memory leak caused by the lsass.exe process (attached to services: Netlogon, KDC, Active Directory, etc.) on Windows Server 2016 with the domain controller role since the KB5019964 installation?
I have some domain controllers on W2k16 with the latest November CU patch and they all have a memory leak caused by the lsass.exe process.
The other domain controllers that don't have the November CU installed don't have this memory leak.
I'm currently installing the OOB patch to see if it fixes this memory leak.
EDIT 23/11/2022:
The OOB patch didn't fix the memory leak in the lsass.exe process, so we proceeded to uninstall the November CU KB5019964 and OOB KB5021664 on our Windows Server 2016 Domain Controllers.
EDIT 23/11/2022:
I have opened a case and Microsoft confirmed this is a known issue on domain controllers W2k12R2, W2K16 and W2K19.
The temporary fix is to configure the reg key KrbtgtFullPacSignature to 0.
Details about this reg key are available here:
KB5020805: How to manage Kerberos protocol changes related to CVE-2022-37967 - Microsoft Support
This key will prevent the memory leak in the Lsass.exe process, but a reboot is required to fully release the memory.
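
A triage script for the situation described in the post above, as an added example that is not part of the original post or Microsoft's guidance: it checks for the two updates named, samples lsass.exe private memory to confirm growth, and applies the KrbtgtFullPacSignature workaround. The registry path is taken from KB5020805 and is an assumption to confirm against that article; the function names and sampling defaults are hypothetical.

```powershell
# Added example. Run elevated on a domain controller.
# Assumption: KDC service key path as documented in KB5020805.
$KdcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Kdc'
$ValueName = 'KrbtgtFullPacSignature'
$Updates   = 'KB5019964', 'KB5021664'   # November CU and OOB patch named in the post

# 1. Report which of the two updates are installed on this DC.
$installed = Get-HotFix -Id $Updates -ErrorAction SilentlyContinue
foreach ($kb in $Updates) {
    $hit = $installed | Where-Object HotFixID -eq $kb
    '{0}: {1}' -f $kb, $(if ($hit) { "installed on $($hit.InstalledOn)" } else { 'not installed' })
}

# 2. Show the current workaround value, if any.
$current = (Get-ItemProperty -Path $KdcKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
"$ValueName = $(if ($null -eq $current) { '<not set>' } else { $current })"

# 3. Sample lsass.exe private bytes over time; steady growth on an idle DC suggests the leak.
function Get-LsassGrowth {
    param([ValidateRange(2, 1000)][int]$Samples = 6, [int]$IntervalSeconds = 600)
    $points = @(for ($i = 0; $i -lt $Samples; $i++) {
        $p = Get-Process -Name lsass
        [pscustomobject]@{ Time = Get-Date; PrivateMB = [math]::Round($p.PrivateMemorySize64 / 1MB, 1) }
        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    })
    $hours = ($points[-1].Time - $points[0].Time).TotalHours
    $delta = $points[-1].PrivateMB - $points[0].PrivateMB
    [pscustomobject]@{
        StartMB   = $points[0].PrivateMB
        EndMB     = $points[-1].PrivateMB
        MBPerHour = if ($hours -gt 0) { [math]::Round($delta / $hours, 1) } else { 0 }
    }
}

# 4. Apply the workaround from the post (value 0). Returns the previous value so it can be restored.
function Set-KrbtgtFullPacSignature {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Value = 0)
    $old = (Get-ItemProperty -Path $KdcKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($PSCmdlet.ShouldProcess("$KdcKey\$ValueName", "set DWORD to $Value")) {
        New-ItemProperty -Path $KdcKey -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
        Write-Warning 'Per the post, a reboot is required to fully release memory already leaked by lsass.exe.'
    }
    $old
}

Get-LsassGrowth -Samples 3 -IntervalSeconds 60
# Set-KrbtgtFullPacSignature -WhatIf    # preview first, then run without -WhatIf
```

Keep the value returned by `Set-KrbtgtFullPacSignature` so the key can be restored once a corrected update is installed, since this key controls the CVE-2022-37967 changes covered by KB5020805.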