A memory leak on the Windows Server update for this month’s Patch Tuesday could cause domain controllers to crash, Microsoft noted in a March 20 posting on its site.
Microsoft said the root cause has been identified and it plans to work on a resolution to be released in the coming days. They were quick to also point out that the issue does not occur on home devices, only IT environments in organizations using Windows Server platforms.
***
“Security teams also need to balance the speed of the roll-out against the risk of delaying patching to allow better testing,” said Leonard. “If the environment is exposed to a vulnerability under active attack, the team might have to accept the risk of mass deploying the patch, understanding that it might occasionally have a negative impact on IT operations, but it’s better than a breach.”
The implications of this issue extend beyond immediate operational disruptions, explained Callie Guenther, senior manager, cyber threat research at Critical Start. Guenther said it highlights the inherent risks in the cumulative update model, where a single update can impact critical infrastructure. For enterprises, it underscores the importance of robust testing before deploying updates in production environments.
Read the full article on SC Magazine.
