[German]In Windows 10 20H2, some users had the problem that the Local Security Authority Subsystem Service file (lsass.exe) crashes in certain constellations. Microsoft had set an upgrade stop, but was able to eliminate the lsass crash error 0xc0000374, which has plagued users of Windows 10 20H2 since October 2020, now on January 7, 2021.
In this comment EP has already pointed out that the problem has been fixed to 7 January 2020 by Microsoft. I’ll pull the whole thing out as a separate blog post, though.
The History: The sass.exe crash problem
Microsoft was forced to patch vulnerabilities in the Local Security Authority Subsystem Service (lsass.exe) several times in 2020, but this caused problems as early as June 2020 (see links at the end of the article). A bug then crept in with the release of the Windows 10 October 2020 Update (version 20H2). In Windows 10 20H2 (and also version 2004), the Local Security Authority Subsystem Service (lsass.exe) crashes for some users in certain constellations. The problem had already been reported to me by blog reader Roman at the end of October 2020.
An error 0xc0000374 and a forced restart occurred, if an administrator for example intend to enlist groups in the computer management. I had blogged the details within the blog post Windows 10 20H2: lsass.exe crashes (Oct. 2020). Microsoft had then later admitted the problem in the support postAfter updating to Windows 10, version 20H2, you might receive an error when accessing the sign-in options or users MMC snap-in (KB4592802).The stop error occurred when the build-in accounts were renamed Administrator or Guest. The stop error, which triggered a “Your PC will automatically restart in one minute” message and then a reboot, occurred when the Administrator or Guest build-in accounts were renamed. Microsoft had then placed an upgrade halt on Windows 10 20H2, which prevented updating from earlier Windows 10 versions. Details may be read within the blog post Windows 10 2004/20H2 lsass.exe crash issue (Oct. 2020) confirmed.
Microsoft fixes the Issue
Within that comment, EP pointed out to me that Microsoft had fixed the Local Security Authority Subsystem Service (lsass.exe) crash issue. On the status web page for Windows 10 20H2, the list of Resolved Issues for Windows 10 Version 20H2 and Windows Server Version 20H2 includes the entry You might receive an error when accessing the sign-in options or users MMC snap-in from November 2020, in which Microsoft addresses the issue. In an addendum, Microsoft now writes:
Note As of January 7, 2021, you should only receive the safeguard hold dialog or safeguard ID if you are using outdated feature update bundles or media.
Microsoft has thus fixed the error internally, so that it no longer occurs when a feature upgrade (function update) is executed via Windows Update. The error is only still present for feature updates that are carried out via an installation medium – the media have probably not been updated yet. Microsoft says also:
Feature update bundles released December 3, 2020 or later will resolve this issue when deploying via Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. Refreshed media was released December 3, 2020 on Visual Studio Subscriptions (VSS, formerly MSDN Subscriptions) and December 7, 2020 on Volume Licensing Service Center (VLSC). For information on verifying you’re using the refreshed media, see How to address feature update refreshes in your environment. If you are using or creating custom media, you will need to include an update released November 17, 2020 or later.
Windows 10: Juni 2020 Updates causes BSOD in lsass.exe
Project Zero: August 2020 LSASS patch does not adequately protect Windows 10
Windows 10 20H2: lsass.exe crashes (Oct. 2020)
Windows 10 2004/20H2 lsass.exe crash issue (Oct. 2020) confirmed
Cookies helps to fund this blog: Cookie settings