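Microsoft has again pushed out a Defender antivirus update (first released in XNUMX and pulled in XNUMX) that fixes a known issue triggering Windows security warnings that Local Security Authority (LSA) Protection is off.
Microsoft acknowledged that this issue affects Windows 11 21H2 and 22H2 systems after a large number of users reported “Local Security Authority protection is off. Your device may be vulnerable.” warnings, although LSA Protection was already enabled.
LSA Protection helps protect Windows users against credential theft by blocking untrusted code from being injected into the LSASS.exe process, an injection that would otherwise help attackers extract sensitive information.
While Redmond said the issue stems from a buggy Microsoft Defender Antivirus antimalware platform update released in XNUMX, affected customers have been reporting these LSA Protection alerts since at least XNUMX 15.
“This issue was resolved in an update for Windows Security platform antimalware platform KB5007651 (Version 1.0.2306.10002),” Microsoft said on Wednesday.
“If you would like to install the update before it is installed automatically, you will need to check for updates.”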

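On XNUMX 26, Redmond first released the KB5007651 Microsoft Defender update to fix the known issue and rid users of the persistent Windows Security restart alerts.
However, this was done by removing the setting in the Defender update so that the confusing warning would no longer be shown in the Windows Settings app.
Almost a month later, on XNUMX 17, the company stopped pushing KB5007651 because users were affected by blue screens or unexpected system restarts while gaming on Windows 11 after installing the update.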
“This known issue was previously resolved with an update for Microsoft Defender Antivirus antimalware platform KB5007651 (Version 1.0.2303.27001) but issues were found, and that update is no longer being offered to devices,” Microsoft said at the time.
“If you have installed Version 1.0.2303.27001 and receive an error with a blue screen, or if your device restarts when attempting to open some games or apps, you will need to disable Kernel-mode Hardware-enforced Stack Protection.”
Workaround also available
Redmond also provided a temporary solution for customers who can’t immediately install KB5007651, with the company advising them to disregard the reboot notifications.
“If you have enabled Local Security Authority (LSA) protection and have already restarted your device at least once, you can dismiss warning notifications and disregard any further notifications urging a restart,” Microsoft says.
To check whether LSA Protection is enabled on your computer, you can use the Windows Event Viewer and look for an “LSASS.exe was started as a protected process with level:4.” Wininit event, which confirms that the process is isolated and secured by LSA Protection.
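The Event Viewer check described above can also be scripted. The following PowerShell is an added example, not code from Microsoft or from the original article; it assumes English event text and that the Wininit events are logged to the System log under the provider name `Microsoft-Windows-Wininit`. The function name `Get-LsaProtectionStatus` is hypothetical.

```powershell
# Added example (not from the article): look for the Wininit boot event that
# reports LSASS starting as a protected process, and compare it to boot time.
# Assumptions: English event text; provider name 'Microsoft-Windows-Wininit'.

function Get-LsaProtectionStatus {
    param([int]$MaxEvents = 200)

    $pattern = 'LSASS\.exe was started as a protected process with level:\s*(\d+)'
    $filter  = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit' }

    # Get-WinEvent returns newest first; keep the first event whose text matches.
    $hit = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern } |
        Select-Object -First 1

    $boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

    if (-not $hit) {
        # No matching event in the sampled range: protection is not confirmed.
        return [pscustomobject]@{
            ProtectedEventFound = $false
            Level               = $null
            EventTime           = $null
            LastBoot            = $boot
            FromCurrentBoot     = $false
        }
    }

    $level = [int][regex]::Match($hit.Message, $pattern).Groups[1].Value

    [pscustomobject]@{
        ProtectedEventFound = $true
        Level               = $level
        EventTime           = $hit.TimeCreated
        LastBoot            = $boot
        # An event older than the last boot describes a previous session only.
        FromCurrentBoot     = ($hit.TimeCreated -ge $boot.AddMinutes(-1))
    }
}

Get-LsaProtectionStatus | Format-List
```

A result with `ProtectedEventFound` and `FromCurrentBoot` both true and `Level` 4 corresponds to the event text quoted above; the one-minute tolerance on the boot-time comparison is a heuristic.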
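While BleepingComputer previously suggested a method involving the addition of two registry entries to remove these warnings, Microsoft explicitly states that they “do not recommend any other workaround for this issue.”
Two months ago, in March, Microsoft announced that LSA Protection would be enabled by default for Windows 11 Insiders in the Canary channel, provided their systems pass an audit check for incompatibilities.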