[English]Microsoft has been struggling with a "Local Security Authority" problem (LSA bug) in Defender under Windows 11 since March 2023. This LSA bug leads to errors and Defender warnings that cannot be switched off . After several "repair" attempts, the developers are "throwing in the towel" for now and have pulled back their latest Defender updates.

The Defender LSA bug

Since March 2023, the so-called LSA bug has been tormenting owners of Windows 11 22H2. An update to Defender's anti-malware platform through update KB5007651 resulted in a Local Security Authority (LSA) bug.

After the update, the Security Center showed disabled device security protection. This was known as the "LSA bug" (Local Security Authority issue). I had written something about this Local Security Authority (LSA) bug in March 2023 in the blog post Windows 11 22H2 Defender causes "Local Security Authority protection is off" warning.

Microsoft later confirmed the problem (see my article Windows 11 22H2: Microsoft confirms Defender bug "Local security protection is disabled"). The bug then grew into a never-ending story. In the blog post Windows 11: Defender update KB5007651 brings FASR, fixes LAS bug, but still causes issues I had reported about another update that supposedly fixed this LSA bug – but caused other problems (see below).

Since March 2023 Microsoft tried to get this problem under control through various patches, but unsuccessfully.

Microsoft pulled the update

Microsoft had already admitted in the Windows 11 22H2 Health Status Dashboard in the post "Local Security Authority protection is off." with persistent restart in the Known Issues that there were issues after installing "Update for Microsoft Defender Antivirus Platform – KB5007651 (Version 1.0.2302.21002)". Users may receive a security message or warning stating that "local security protection is disabled. Your device may be vulnerable." Once protection is enabled, your Windows device may be constantly prompted to reboot. Windows 11 version 21H2 and version 22H2 are affected.

Then on May 16, 2023, Microsoft updated the post "Local Security Authority protection is off." with persistent restart. In the Known Issues, Microsoft writes:

Updated May 16, 2023: This known issue was previously resolved with an update for Microsoft Defender Antivirus antimalware platform KB5007651 (Version 1.0.2303.27001) but issues were found, and that update is no longer being offered to devices. If you encounter this issue, you will need to use the above workaround until the issue is resolved.

If you have installed Version 1.0.2303.27001 and receive an error with a blue screen or if your device restarts when attempting to open some games or apps, you will need to disable Kernel-mode Hardware-enforced Stack Protection. To do this, select the Start button, type Windows Security and select it, select Device Security then select Core Isolation then disable Kernel-mode Hardware-enforced Stack Protection.

In short: Microsoft has withdrawn the update KB5007651 of the Microsoft Defender Antivirus antimalware platform (version 1.0.2303.27001). The reason was that the update not only does not fix the LSA bug. There are now other bugs caused by the faulty defender update. (via)

Similar articles:
Windows 11 22H2 Defender causes "Local Security Authority protection is off" warning
Windows 11 22H2: Microsoft confirms Defender bug "Local security protection is disabled"
Windows 11: Defender update KB5007651 brings FASR, fixes LAS bug, but still causes issues
Windows 11: Defender LSA bug fixed by "removing settings", and more Defender/FASR issues …