Microsoft freaks out users with Windows 11 warning: 'LSA protection is off'

Alerts telling folks their 'device may be vulnerable' triggered by KB5007651

A recent security update to Windows 11 has put the scare on some users by warning that Microsoft's Local Security Authority (LSA) feature is turned off and their system is vulnerable to attack.

The warnings are triggered by the KB5007651 update, according to Microsoft. In messages to Redmond's support sites and on Reddit, some users linked the problem to another update released March 14 – KB5023706 – saying it started to appear for them after they installed that update.

However, Microsoft is pinpointing the problem as KB5007651, noting in the Windows Health Dashboard that even after the LSA protections are enabled, users may still get a prompt saying they need to restart their system.

"This issue affects only 'Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2302.21002),'" the company wrote. "All other Windows updates released on March 14, 2023 for affected platforms (KB5023706 and KB5023698), do not cause this issue."

Speaking of Microsoft... The IT giant's Loop app, a todo list manager that's kinda like Asana, is available now as a public preview. This is supposed to help people juggle tasks, documents, and work.

Windows 11 users over the past week have responded to the problem, which only affects systems running Windows 11 versions 22H2 and 21H2, with a mixture of anger, frustration, and anxiety.

One user complained in a message on a Microsoft support site that his Windows 11 system was "telling me that my local security authority protection is off and it won't let me do anything to fix it. I can't uninstall the update either. Why would you create an update that would leave your users vulnerable to attack? How am I supposed to work now without a computer?"

A poster on Reddit wrote: "Basically a yellow triangle appeared on the Windows Security icon, a week ago. It says that Local Security Authority protection is off. Your device may be vulnerable. There is no option to turn the protection on in the Device Security panel, there is only 'dismiss' option. Is it a bug or is it something I should be worried about?"

LSA is a key security process in Windows that addresses authentication and authorization through such tasks as verifying logon attempts, password changes, and creating access tokens. It's such an important security feature that Redmond said earlier this month when releasing Windows 11 Insider Preview Build 25314 to the Canary Channel that it will make LSA protection a default feature.

Starting with an upgrade, "we will audit for a period of time to check for incompatibilities with LSA protection," wrote Amanda Langowski, principal product manager for the Windows Insider Program, and Brandon LeBlanc, senior program manager at Microsoft. "If we do not detect any incompatibilities, we will automatically turn on LSA Protection."

Microsoft said that if users have enabled LSA protection and have restarted their devices at least once, they can dismiss the alerts saying the LSA protection is off and ignore notifications prompting them to restart their systems.

The company also showed how users can determine if LSA protection is enabled by checking the Event Viewer.
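
The Event Viewer check can also be scripted. The following is an added example, not code from the article or from Microsoft: it assumes the event described in Microsoft's LSA protection documentation (Wininit event ID 12 in the System log, with a message saying LSASS.exe was started as a protected process), none of which is spelled out in this article, and it compares the event time with the last boot to cover the "restarted at least once" condition.

```powershell
# Assumption: Wininit event ID 12 in the System log records LSASS starting as a
# protected process (per Microsoft's LSA protection documentation, not this article).
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 12
}

# Events are returned newest first. Finding none is a valid outcome, so the
# "no events were found" error is suppressed.
$latest = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

# Time of the most recent boot, used to tell a current event from a stale one.
$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

if (-not $latest) {
    Write-Output 'No Wininit event 12 found: LSASS has not been logged as starting protected.'
}
elseif ($latest.Message -match 'protected process with level:\s*(\d+)') {
    # The message text is localized; this pattern assumes an English-language system.
    $level = $Matches[1]
    if ($latest.TimeCreated -ge $boot) {
        Write-Output "LSA protection active since the current boot (level $level, logged $($latest.TimeCreated))."
    }
    else {
        Write-Output "Last protected start was logged $($latest.TimeCreated), before the current boot at $boot."
        Write-Output 'LSASS is not confirmed as protected for this session.'
    }
}
else {
    Write-Output "Wininit event 12 found, but the message was not recognised: $($latest.Message)"
}
```

Reading the System log this way may need an elevated PowerShell session, depending on local policy.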

Microsoft is not recommending any other workaround for the problem and said it is working to fix the issue, with an update coming as soon as it's available. ®
