Microsoft fixes Windows Defender LSA bug in Windows 11 with update KB5007651 (version 1.0.2306.10002)

Windows[German]Wonders may yet happen. I have the first reports that Microsoft has fixed the Local Security Authority (LSA) issue that has been simmering in Windows 11 for months. It was caused by an update, and as a result, certain features of Defender do not work and cause errors. Here is a brief overview of this issue and the fix.


Advertising

The Defender LSA bug in Windows 11

Since March 2023, the so-called LSA bug has been tormenting owners of Windows 11 22H2. This is because the update of the Defender anti-malware platform through the KB5007651 antimalware platform update led to a Local Security Authority (LSA) bug.

Gerätesicherheit: Der Schutz durch die lokale Sicherheitsautorität ist deaktiviert

Device Security shows a yellow triangle with an exclamation mark (see screenshot above of a German Windows 11) because the local security authority (LSA) protection isn't activated and cannot be enabled. I had already written something about this in March 2023 in the blog post Windows 11 22H2 Defender causes "Local Security Authority protection is off" warning" (and further posts, see end of article).

Microsoft tried to fix this problem in the following months with updates, but this led to further problems like errors in the memory integrity of the Defender. In the blog post Windows 11: Microsoft can't solve the Defender LSA bug – update pulled, I addressed Microsoft's admission in the support post "Local Security Authority protection is off." with persistent restart on the problem. Now we are almost two months further, and a fix is is around the corner.

A blog reader and Microsoft confirm a fix

German blog reader Windowsnutzer1969 left this morning the following comment (I'm pulling the translated comment out here):


Advertising

Just saw that currently update for Windows Security platform-antimalware platform – KB5007651 (version 1.0.2306.10002) has been installed. Finally solved the never-ending Defender problem (?!).

Thanks for the tip. As of July 5, 2023, Microsoft updated the support article "Local Security Authority protection is off." with persistent restart  in the Windows 11 Health Status Dashboard. There, it was already stated since March 2023 that "an update to Microsoft Defender Antivirus Antimalware Platform – KB5007651 (version 1.0.2302.21002)" triggers the problems described above. Microsoft also lists both Windows 11 21H2 and Windows 11 22H2 as affected operating systems. With yesterday's update, it now states:

Resolution: This issue was resolved in an update for Windows Security platform antimalware platform KB5007651 (Version 1.0.2306.10002). If you would like to install the update before it is installed automatically, you will need to check for updates

The update of the Windows Security Platform Antimalware Platform to version 1.0.2306.10002 should fix the problem. The update is rolled out automatically. However, this can take a while. The installation of the new version can be accelerated by letting the user check for updates. Question for those affected: Is the problem really fixed now?

Similar articles:
Windows 11 22H2 Defender causes "Local Security Authority protection is off" warning
Windows 11 22H2: Microsoft confirms Defender bug "Local security protection is disabled"
Windows 11: Defender update KB5007651 brings FASR, fixes LAS bug, but still causes issues
Windows 11: Defender LSA bug fixed by "removing settings", and more Defender/FASR issues …
Windows 11: Microsoft can't solve the Defender LSA bug – update pulled

 


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Security, Update, Windows and tagged , , . Bookmark the permalink.

4 Responses to Microsoft fixes Windows Defender LSA bug in Windows 11 with update KB5007651 (version 1.0.2306.10002)

  1. Adrian says:

    It seems to be fixed for me with this update. So far! – Let's wait and see if other problems appear in time.

  2. EP says:

    seems to be fixed for others, according to this from askwoody forum:
    https://www.askwoody.com/forums/topic/kb-5007651-2/

  3. Adrian says:

    The error seems to have been fixed with the latest platform update, but in Event Viewer I have a lot of warnings about LSA (Event IDs 6155) – for example: "LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard. PackageName: tspkg"

  4. Advertising

  5. Chris D says:

    Here in late November 2023 I'm still getting constant LSA (EsaSrv) warnings of "LSA package is not signed as expected. This can cause unexpected behavior with Credential Guard." but with a variety of cited PackageNames: msv1_0, kerberos, negoexts, tspkg, pku2u, cloudap, wdigest, schannel, schannel, sfapm, pku2u, … this as well as constant and unpredictable system freezes requiring reboot and causing lost data…. very frustrating to say the least. No stop gap patches in the meantime?

Leave a Reply

Your email address will not be published. Required fields are marked *