One of the latest updates from Windows Update in Windows 11 seems to have caused a security issue, disabling (and preventing you from reactivating) one of Windows Defender’s protection options : Local Security Authority (LSA) protection.
The Local Security Authority is one of the critical functions of the Microsoft security subsystem, taking responsibility for, for example, verifying password changes and login attempts. Login data theft attacks are, with this component enabled, much more complex for potential attackers.
The information has been sent to us by a user who points out the sudden rise of this problem in the Microsoft support forums:
“It seems that the problem has been circulating since the end of February and is now exploding as more updates are being released from Windows Update.”
LSA is a Windows protection mechanism that prevents unauthorized access to various parts of the system by potential attackers.
In fact, the first cases collected date from even earlier, from mid-January ( example ). Apparently, according to some of the affected users, the update responsible for the problem would be ” Microsoft Defender Antivirus – KB5007651 (version 1.0.2302.21002-0) “.
Users are suddenly faced with a yellow warning icon superimposed on the traditional blue Defender icon in the system tray, and upon querying the reason for the warning, they are met with a message advising that LSA protection is disabled and the device is now vulnerable.
It is useless to reactivate the relevant option in the Windows Security panel, not even if -as Windows asks us- we restart afterwards. As one affected user warns on the Microsoft support forums:
“Even when I enable the option and reboot, this warning is still there.”
One of the volunteer forum moderators provides a four-step solution to the problem (which has since been endorsed by Microsoft representatives on the same forum… and by grateful users who got their issue resolved ):
- Open a Notepad text file and copy and paste the following text :
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“RunAsPPL”=dword:00000002
“RunAsPPLBoot”=dword:00000002
- Save the file as ‘E nable LSA.reg’ (not as .txt).
- Open the file: that will automatically introduce those changes to the Windows Registry without the need for us to manipulate it in Regedit.
- Restart the computer.
