Now comes another troubleshooting setback: A Defender update should automatically turn Local Security Authority back on and fix previously reported issues like choppy reboots. The deactivated device protection has been known since February.
The “Update for the antimalware platform Microsoft Defender Antivirus – KB5007651 (Version 1.0.2302.21002)” is affected. All other Windows updates released on March 14, 2023 for affected platforms (KB5023706 and KB5023698) did not cause any problems.
Attempts to fix it failed
At the end of April we reported that Microsoft had restored LSA protection with another update. But as it turns out, that was too hasty. Now the update will not be further distributed, the delivery has been stopped. The colleagues from desk modder. An interim solution is not available. More information is available in the Windows Release Health Dashboard. There it says:
The protection of the local security authority is switched off
After installing “Microsoft Defender Antivirus Platform Update – KB5007651 (Version 1.0.2302.21002)” you may receive a security message or warning stating “Local security protection is disabled. Your device may be vulnerable”. Once protection is enabled, your Windows device may keep getting prompts that a restart is required.
Important: This issue only affects “Microsoft Defender Antivirus Antimalware Platform Update – KB5007651 (Version 1.0.2302.21002)”. All other Windows updates released on March 14, 2023 for affected platforms (KB5023706 and KB5023698) do not cause this issue.
bypass: If you have LSA (Local Security Authority) protection enabled and have restarted your device at least once, you can turn off the warning messages and ignore any further notifications that ask for a restart. You can verify that LSA protection is enabled by looking in Event Viewer for the information available here. Important: We currently do not recommend any other workaround for this issue.
Next steps: We are working on a solution and will provide an update in one of the next versions.
Updated May 16, 2023: This known issue was previously addressed in an update to the Microsoft Defender Antivirus antimalware platform KB5007651 (version 1.0.2303.27001), but issues were identified and this update is no longer offered for devices. If you encounter this problem, you must use the workaround mentioned above until the problem is solved. If you have version 1.0.2303.27001 installed and you get a blue screen error or your device reboots when you try to open some games or applications, you need to disable hardware-enforced stack protection in kernel mode. To do this, select the “Start” button, type “Windows Security”, select “Device Security”, select “Kernel Isolation” and disable hardware-enforced stack protection in kernel mode.
Affected platforms:
- Client: Windows 11, version 22H2; Windows 11 version 21H2
- Servers: None
Windows 11 FAQ Instructions, tips and tricks
Windows 10 FAQ All questions fully answered
- Microsoft has problems with a security function of Windows, despite multiple updates, the LSA protection could not be restored.
- Defender update should automatically turn on LSA protection again, but delivery has stopped.
- The update KB5007651 (version 1.0.2302.21002) is affected.
- Microsoft announced another bug fix update at the end of April.
- Workaround not available, see Windows Release Health Dashboard for more info.
See also:
Hacker, error, bug, problem, failure, bugs, fault, troubleshooting, bug fix, hacker attacks, crash, crash, accident, desk, bugs bugs bugs, error, offline, broken, update error, error code, user, Windows 11 error, Windows 11 bugs bugs bugs, user, 404, user
