Microsoft admitted that Windows Server had an LSASS memory leak after installing the update released on November Patch Tuesday, causing some domain controllers to freeze or restart.
The full name of LSASS is Local Security Authority Subsystem Service, and the Chinese name is Local Security Authentication Subsystem Service. It is an internal program of the Microsoft Windows operating system that is responsible for enforcing Windows system security policies. It authenticates users, manages user password changes, and generates access characters when users log in to a computer or server. It will also leave due records in the windows security log file.
Once the LSASS service crashes, logged-in users are immediately disconnected from their Windows accounts, followed by an error that the system needs to be restarted, and then the system restarts automatically.
Microsoft explains in Windows Health,
LSASS may use more memory during use, causing the domain controller to become unresponsive and then restart. Depending on the workload of the domain server and the time since the server was last restarted, LSASS may will keep increasing the memory footprint, and the server may eventually become unresponsive or reboot automatically.
The full list of affected Windows versions includes Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2.
Microsoft is working on a solution and says it will fix the issue in a future release.