A recent security update to Windows 11 has put the scare on some users by warning that Microsoft's Local Security Authority (LSA) feature is turned off and their system is vulnerable to attack.
The warnings are triggered by the KB5007651 update, according to Microsoft. In messages to Redmond's support sites and on Reddit, some users linked the problem to another update released March 14 - KB5023706 - saying it started to appear for them after they installed that update.
However, Microsoft is pinpointing the problem as KB5007651, noting in the Windows Health Dashboard that even after the LSA protections are enabled, users may still get a prompt saying they need to restart their system.
"This issue affects only 'Update for Microsoft Defender Antivirus antimalware platform - KB5007651 (Version 1.0.2302.21002),'" the company wrote. "All other Windows updates released on March 14, 2023 for affected platforms (KB5023706 and KB5023698), do not cause this issue."
Windows 11 users over the past week have responded to the problem, which only affects systems running Windows 11 versions 22H2 and 21H2, with a mixture of anger, frustration, and anxiety.
One user complained in a message on a Microsoft support site that his Windows 11 system was "telling me that my local security authority protection is off and it won't let me do anything to fix it. I can't uninstall the update either. Why would you create an update that would leave your users vulnerable to attack? How am I supposed to work now without a computer?"
A poster on Reddit wrote: "Basically a yellow triangle appeared on the Windows Security iron, a week ago. It says that Local Security Authority protection is off. Your device may be vulnerable. There is no option to turn the protection on in the Device Security panel, there is only 'dismiss' option. Is it a bug or is it something I should be worried about?
LSA is a key security process in Windows that addresses authentication and authorization through such tasks as verifying logon attempts, password changes, and creating access tokens. It's such an important security feature that Redmond said earlier this month when releasing Windows 11 Insider Preview Build 25314 to the Canary Channel that it will make LSA protection a default feature.
Starting with an upgrade, "we will audit for a period of time to check for incompatibilities with LSA protection," wrote Amanda Langowski, principal product manager for the Windows Insider Program, and Brandon LeBlanc, senior program manager at Microsoft. "If we do not detect any incompatibilities, we will automatically turn on LSA Protection."
Microsoft said that if users have enabled LSA protection and have restarted their devices at least once, they can dismiss the alerts saying the LSA protection is off and ignore notifications prompting them to restart their systems.
The company also showed how users can determine if LSA protection is enabled by checking the Event Viewer.
Microsoft is not recommending any other workaround for the problem and said it is working to fix the issue, with an update coming as soon as it's available. ®
Will be followed soon after by SLE 15 SP 5 as org continues prep for ALP
Boffins and machines write very differently - and it's easy to tell
Brush up on your coding - more tech jobs are going to be hybrids that mix ops and software, or require AI skills
Suggest that Zuck has yet again unleashed stuff without a thought for the downsides
WWDC And makes developer-grade OS betas available to all ducking loyalists
Deadly accident said to be unavoidable
This could be a useful way to show what you're up against, or give the clueless a stick to beat you with