Windows 11 security bug fix debacle is seriously embarrassing for Microsoft

 man in a suit gets angry and smashes the keyboard on the monitor
(Image credit: Reshetnikov_art / Shutterstock)

Windows 11 has run into further problems with a security-related bug that’s scaring users and was supposed to have been fixed recently – but Microsoft has admitted that its cure failed to work, and it has been pulled.

This one has a bit of a lengthy backstory, as it were, so buckle up and bear with us as we take you through it to give some context as to what’s happened here.

Okay, so the bug in question first appeared when Microsoft pushed out the March 2023 cumulative update for Windows 11 22H2, causing Local Security Authority (LSA) protection to tell users that it was turned off. In actual fact, it had stayed on, the glitch being the error message, rather than LSA itself actually going wrong.

Still, some Windows 11 users being told that their device ‘may be vulnerable’ due to the lack of LSA protection, complete with a big yellow warning triangle adorned with an exclamation mark, was obviously going to provoke some concerns.

What really didn’t help is that the error persisted continually, even after reboots.

Microsoft gave us a workaround at the time – if you can call it that, we were simply told to dismiss the (repeated) error messages, and assured everything was fine with LSA. But a welcome sight was an official fix for this problem arriving at the end of April.

That cure for the LSA error blues arrived in the form of an update for Microsoft Defender, but sadly, this brought forth some new bugs – yes, argh – namely driver conflicts, hitting some PC games with crashes (due to anti-cheat software).

And now, as Neowin observes – while pointing out reports from its own readers of the LSA bug still being present – Microsoft has updated its health dashboard for Windows 11 to admit that the Microsoft Defender fix caused these unwanted side effects, and it has now been pulled.

Microsoft tells us: “This known issue was previously resolved with an update for Microsoft Defender Antivirus antimalware platform KB5007651 (Version 1.0.2303.27001) but issues were found, and that update is no longer being offered to devices.”

Analysis: Fix with one hand, break with the other

So what’s the upshot? The LSA problem remains, and Microsoft is working on a new fix, with the old one stuffed firmly in the bin. Those who have already got the old fix applied (KB5007651), mind you, are kind of stuck with it.

Microsoft advises those who are already running KB5007651 (Version 1.0.2303.27001) that they will need to disable Kernel-mode Hardware-enforced Stack Protection.

The software giant provides instructions as follows: “To do this, select the Start button, type Windows Security and select it, select Device Security then select Core Isolation then disable Kernel-mode Hardware-enforced Stack Protection.”

We’re not exactly sure that’s an ideal situation on the security front, though. But hey, if it’s Microsoft’s official advice, then it should be fine.

Meanwhile, for those still affected by the LSA bug, Microsoft instructs them to go back to that fabulous workaround mentioned previously. Yes, just ignore it, and while it will irritate you by continually popping up, there’s actually nothing wrong with LSA (in distinct contrast to the yanked-down fix which definitely did cause driver-related havoc).

This has been a very messy episode for Microsoft, and not one that will especially give Windows 11 users faith that the QA department has a particularly good handle on what’s going on with the OS. Hopefully, a solution that doesn’t break a bunch of other stuff will be forthcoming soon.

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).