Microsoft has confirmed earlier today that it has fixed a major issue with Windows Defender wherein it would incorrectly display "Local Security Authority protection is off" even when the feature was toggled on and the device was consequently restarted to complete the enabling process. The Local Security Authority, or LSA, authenticates, logs and maintains all information related to the local security of a system. The bug was affecting all Windows 11 platforms, i.e., Windows 11 versions 22H2 and 21H2.
The Microsoft health dashboard describes the issue as following:
After installing "Update for Microsoft Defender Antivirus antimalware platform - KB5007651 (Version 1.0.2302.21002)", you might receive a security notification or warning stating that "Local Security protection is off. Your device may be vulnerable." and once protections are enabled, your Windows device might persistently prompt that a restart is required.
Around a week ago, users online started noticing that Microsoft had pushed a new update "Windows Security Service version 1.0.2303.27001" under the KB5007651. The update seemingly fixed the LSA protection off and today, it has been confirmed by Microsoft itself. The tech giant has updated its health dashboard for the issue with a new resolution section where it has basically confirmed the earlier report. It says:
Resolution: This issue was resolved in an update for Microsoft Defender Antivirus antimalware platform KB5007651 (Version 1.0.2303.27001). If you would like to install the update before it is installed automatically, you will need to check for updates.
Interestingly, it looks like the new Defender update resolved the issue by updating "Kernel-mode Hardware-enforced Stack Protection" security feature present under Core Isolation (VBS) in the Windows Security app.
3 Comments - Add comment