Security News > 2023 > March > Microsoft: Defender update behind Windows LSA protection warnings

Microsoft says the KB5007651 Microsoft Defender Antivirus update triggers Windows Security warnings on Windows 11 systems saying that Local Security Authority Protection is off.

LSA Protection is a security feature that defends sensitive information like credentials from theft by blocking untrusted LSA code injection and process memory dumping.

Widespread user reports say that "Local Security Authority protection is off. Your device may be vulnerable." warnings have been showing up even when LSA Protection is enabled, as BleepingComputer reported on Monday.

Today, Microsoft acknowledged this as a new known issue causing affected Windows devices to persistently warn that they're vulnerable and that a restart is required after toggling on LSA Protection.

Redmond says that the persistent restart alerts will only show up on systems running Windows 11 21H2 and 22H2. "After installing 'Update for Microsoft Defender Antivirus antimalware platform - KB5007651,' you might receive a security notification or warning stating that 'Local Security protection is off. Your device may be vulnerable.' and once protections are enabled, your Windows device might persistently prompt that a restart is required," Redmond explains.

Microsoft says it's working on a fix for the persistent LSA Protection warning issues and will provide more info as soon as available.

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-update-behind-windows-lsa-protection-warnings/